A "Gmail API" integration has been implemented for "Allow Mail". It uses "impersonation" and "OAuth2 Google Cloud authentication" with a "Google Service Account" for any email send-out from the fw Server app!
Background: Gmail has deprecated "basic" authentication! The previously working "App Password" no longer works!
Short setup info:
Requires:
- You need to use a "Google Business" account in order to be able to use the Google API in combination with "Google Service Accounts", "Impersonation" and "OAuth2 Google Cloud authentication". These features are not available in a free Gmail account.
- Before you get started, ensure your Google user has a "Super Admin" Google Cloud Permission level!
Create a Google Cloud Platform Service Account within a Project, grant needed Permissions and download the JSON private key via "Google Cloud IAM & Admin".
Save and Rename the generated private JSON file to "google-service-private-key.json" and upload it to your fw Server app's "system" folder.
You need to use the optional farmerswife Server-side "server.cfg" (more info here) file and modify these 2 new variables:
GMAIL_OAUTH2_ENABLED 1
GMAIL_OAUTH2_IMPERSONATIONEMAIL example@farmerswife.com
In fw Server > Setup > General >
Allow Mail: Yes
Outgoing Mail Server (SMTP): smtp.gmail.com
Sub-menu > Use TLS: Yes
Port: 587
Detailed setup info:
Step 1: Create a New Project
Open a web browser and go to the Google Cloud Console: https://cloud.google.com/
At the top, click on the "Select a resource" selector and click on the "NEW PROJECT" button.
Give your Project a unique and recognizable name, e.g. "farmerswifeAllowMailGmailAPI", and click on "CREATE".
Step 2: Create a Service Account
Go to the Google Cloud Console: https://console.cloud.google.com
Make sure you're inside the correct project where you want to create the service account.
=> Newly created: "bw-AllowMail-oAuth2"
In the navigation menu on the left, go to: IAM & Admin > Service Accounts.
Click the Create Service Account button.
Give your Service Account a descriptive name, e.g. "farmerswife AllowMail GmailAPI Integration Service Account".
Click Create.
Use the "CREATE AND CONTINUE" button.
Now on "Grant this service account access to project".
=> "farmerswife AllowMail GmailAPI Integration Service Account"
Step 2: Grant Permissions
Select the newly created service account from the list.
Click the Roles tab.
Click the Add button to assign roles.
In the search bar, type "Service Account User".
Select the role "Service Account User".
=> This grants basic permissions for the service account to act on your Google Cloud Project's resources.
Click the CONTINUE button.
+ added "yourdomainname.com" on "Grant users access to this service account (optional)".
Step 3: Generate and Download JSON Private Key
Go to the Keys tab of your service account.
Click the Add key button and select Create new key.
Choose the key type as JSON.
Click Create.
A JSON file containing the private key will be downloaded. Save this file securely as it will be used to authenticate your application with Google Cloud.
Step 4: Grant Impersonation Access (Optional)
If you need the service account to impersonate a specific user for Gmail access, you'll need to perform this additional step.
Go to the IAM & Admin > IAM section.
In the search bar, type the email address of the user you want the service account to impersonate.
Click on the user's email address.
Click the Add another role button.
Search for the role "roles/iam.serviceAccountUser".
Select the role and click the Save button.
Important info:
Keep the JSON private key confidential. Do not share it publicly or embed it directly in your code. Consider storing it securely using Google Cloud Secret Manager.
Enable the Gmail API in the Google Cloud Console for your project before using the service account for Gmail access. (https://www.youtube.com/watch?v=1EOV3AvJ2-s)
Refer to the official Google documentation for detailed instructions and code samples for using service accounts with the Gmail API: https://support.google.com/mail/answer/138350?hl=en
By following these steps, you'll have a Google Cloud Platform Service Account with the necessary permissions and private key for integrating with the Gmail API using impersonation and OAuth2 authentication.
Remember to prioritize security by properly managing the service account credentials.
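To back up the "Important info" above, the following Python check is an added example and not part of the farmerswife product or its documentation. It assumes "server.cfg" holds one "NAME value" pair per line and that the key file is a standard Google service account JSON key; all sample values are constructed placeholders.

```python
import json
import os
import stat
import tempfile

REQUIRED_KEY_FIELDS = ("type", "client_email", "private_key", "token_uri")

def parse_server_cfg(text):
    """Parse 'NAME value' lines (assumed layout: one variable per line)."""
    pairs = (line.split(None, 1) for line in text.splitlines())
    return {p[0]: p[1].strip() for p in pairs if len(p) == 2}

def check_setup(key_path, cfg_text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    cfg = parse_server_cfg(cfg_text)
    if cfg.get("GMAIL_OAUTH2_ENABLED") != "1":
        problems.append("GMAIL_OAUTH2_ENABLED is not set to 1")
    user, _, domain = cfg.get("GMAIL_OAUTH2_IMPERSONATIONEMAIL", "").partition("@")
    if not user or not domain or "@" in domain:
        problems.append("GMAIL_OAUTH2_IMPERSONATIONEMAIL is not an email address")
    try:
        with open(key_path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"cannot read key file: {exc}"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return problems + ["key file is not a service account key"]
    missing = [f for f in REQUIRED_KEY_FIELDS if not key.get(f)]
    if missing:
        problems.append("key file is missing: " + ", ".join(missing))
    # POSIX only: the private key must not be accessible to group or others.
    if os.name == "posix" and stat.S_IMODE(os.stat(key_path).st_mode) & 0o077:
        problems.append("key file is accessible to group/others; chmod 600 it")
    return problems

def demo():
    """Check a constructed key file (placeholder values) at two file modes."""
    sample = {"type": "service_account", "private_key": "CONSTRUCTED-PLACEHOLDER",
              "client_email": "sa@example-project.iam.gserviceaccount.com",
              "token_uri": "https://oauth2.googleapis.com/token"}
    cfg = "GMAIL_OAUTH2_ENABLED 1\nGMAIL_OAUTH2_IMPERSONATIONEMAIL example@farmerswife.com\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "google-service-private-key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        loose = check_setup(path, cfg)
        os.chmod(path, 0o600)
        return loose, check_setup(path, cfg)

if __name__ == "__main__":
    print(demo())
```

The file-mode check only applies on POSIX hosts; on a Windows server, review the ACL on the "system" folder instead.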