Google Gmail Oauth Client ID 认证指南

官方文档：https://developers.google.com/workspace/guides/configure-oauth-consent

https://developers.google.com/workspace/guides/create-credentials

参考视频：https://www.youtube.com/watch?v=tGDn3V-mIOM

https://www.youtube.com/watch?v=IZ1ZEjuJF8U

OAuth2 client ID and client secret

新建 project

project 控制台：https://console.cloud.google.com/cloud-resource-manager

 

 

Enable Gmail Api

 

 

 

点击 Gmail Api 并 Enable

 

新建 app

控制台：https://console.cloud.google.com/apis/credentials/consent

打开控制台，选择 project：

 

 

点击菜单 OAuth consent screen，新建 app

 

 

注：User type 只能选择 External，Internal 是给 Google Worksapce 用户使用的，是个收费的产品

step1：

 

 

 

step2：Scopes

这一步暂时不选择，直接 ’保存并继续‘

step3： add test users

 

 

step4：创建完成

 

 

step5: 发布 app，使 app 状态处于 In production 状态，防止 refresh token 失效

 

 

 

 

新建 OAuth 2.0 Client

控制台地址：https://console.developers.google.com/apis/credentials

点击 Credentials 菜单

 

 

 

保存并下载 .json 文件，可以命名为 credentials.json

 

获取 scope 对应的 code

浏览器中请求如下 url

• scope 是需要的权限 https://developers.google.com/gmail/api/auth/scopes

• [your_client_id] 是上一步 credentials.json 中的 client_id 参数

https://accounts.google.com/o/oauth2/v2/auth?
 scope=https://mail.google.com/&
 access_type=offline&
 redirect_uri=http://localhost&
 response_type=code&
 client_id=[your_client_id]

请求之后，浏览器地址栏会出现如下链接

 http://localhost/?code=4/0AX4XfWhkQGEQpDSfSwE2vOUDFpoNBLha_KBVYfngcBxnL0qLXQpEQ&scope=https://mail.google.com/

code 参数即我们需要的值

获取 access_token 和 refresh_token

Wsl 执行如下 url，code 来自上一步获取的 code，client_id，client_secret 均来自 credentials.json

 curl \
--request POST \
--data "code=4/0AX4XfWhkQGEQpDSfSwE2vOUDFpoNBVYfngcBxnL0VU1PlqLXQpEQ&client_id=358916748846-epks869ps.googleusercontent.com&client_secret=GOCSPX-ItJ5x6Bou5bTj&redirect_uri=http://localhost&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token

返回：

{
  "access_token": "ya29.a0ARrdaM_9OV_3KTHol3hDWZnFtuxkFOCxPKBul8YZbSkjjM1L4rfx-iw35R9o4F_K27xFwwt_BJ2lzcZj5nkPyTTj-xNJ038gr9qS_z1ESQ67SJ",
  "expires_in": 3599,
  "refresh_token": "1//0efEzWtmVh6BvCgYIARAAGA4SNwF-L9IrHZNakmKqCBBpMg--p5S4d9PgG2OzQY_26P6sHYrVc",
  "scope": "https://mail.google.com/",
  "token_type": "Bearer"
}

认证参考代码1 (java)

private Gmail gmailService = null;
private GoogleClientSecrets clientSecrets = null;
private static final String CREDENTIALS_FILE_LOCATION = "configuration/gmail/credentials.json";

@PostConstruct
public void init() throws IOException, GeneralSecurityException {
    log.info("init gmailService start ...");
    clientSecrets = GoogleClientSecrets.load(JsonUtils.JSON_FACTORY,
            new InputStreamReader(GmailUtils.class.getClassLoader().getResourceAsStream(CREDENTIALS_FILE_LOCATION)));
    Credential authorize = new GoogleCredential.Builder().setTransport(GoogleNetHttpTransport.newTrustedTransport())
            .setJsonFactory(JsonUtils.JSON_FACTORY)
            .setClientSecrets(clientSecrets.getDetails().getClientId(),
                    clientSecrets.getDetails().getClientSecret())
            .build().setAccessToken(getAccessToken(gmailConfig.getGmailSettings().getRefreshToken(), gmailConfig.getGmailSettings().getTokenUrl()))
            .setRefreshToken(gmailConfig.getGmailSettings().getRefreshToken());
    final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
    gmailService = new Gmail.Builder(HTTP_TRANSPORT, JsonUtils.JSON_FACTORY, authorize)
            .setApplicationName(gmailConfig.getGmailSettings().getApplicationName()).build();
    log.info("init gmailService completed ...");
}

private String getAccessToken(String refreshToken, String tokenUrl) {
    Map<String, Object> params = new LinkedHashMap<>();
    params.put("grant_type", "refresh_token");
    params.put("client_id", clientSecrets.getDetails().getClientId());
    params.put("client_secret", clientSecrets.getDetails().getClientSecret());
    params.put("refresh_token", refreshToken);

    RequestBody authRequestBody = RequestBody.create(MediaType.parse("application/json;charset=UTF-8"), JsonUtils.toString(params));
    Request request = new Request.Builder()
            .url(tokenUrl)
            .method("POST", authRequestBody)
            .build();
    String response = netUtils.executeRequest(request);
    JSONObject json = new JSONObject(response);
    return json.getString("access_token");
}

 认证参考代码2 (java)

public static Adsense createAdsense(AdsenseAccount account) throws IOException {
        HttpTransport HTTP_TRANSPORT = new NetHttpTransport();

        GoogleRefreshTokenRequest request = new GoogleRefreshTokenRequest(HTTP_TRANSPORT, JsonUtils.JSON_FACTORY,
                account.getRefreshToken(), account.getClientId(), account.getClientSecret())
                .setScopes(Collections.singleton(AdsenseScopes.ADSENSE_READONLY));

        Credential credential = new Credential.Builder(BearerToken.authorizationHeaderAccessMethod())
                .setTransport(HTTP_TRANSPORT)
                .setJsonFactory(JsonUtils.JSON_FACTORY)
                .setTokenServerUrl(new GenericUrl(GoogleOAuthConstants.TOKEN_SERVER_URL))
                .build()
                .setFromTokenResponse(request.execute());

        return new Adsense.Builder(HTTP_TRANSPORT, JsonUtils.JSON_FACTORY, setHttpTimeout(credential)).setApplicationName("ad-data-scraper").build();
    }