farmerswife Support

Welcome
Login  Sign up
  1. Solution home
  2. IT Admin Configurations
  3. 3rd Party Integrations

How to setup Google Business account to be used for the fw Server-side > Allow Mail > "Outgoing Mail Server (SMTP)"

NEW with v7.1 in Q3 2024:


For "Allow Mail" implemented "Gmail API" integration using "impersonation" and "OAuth2 Google Cloud authentication" using a "Google Service Account" for any Email send-out from the fw Server app!


Background: Gmail has deprecated "basic" authentication! The previously working "App Password" no longer works!


Short setup info:


Requires: 

  • You need to use a "Google Business" account in order to be able to use the Google API in combination with "Google Service Accounts", "Impersonation" and "OAuth2 Google Cloud authentication". 
    These feature are not available in a free Gmail account.
  • Before you get started, ensure your Google user has a "Super Admin" Google Cloud Permission level!


Create a Google Cloud Platform Service Account within a Project, grant needed Permissions and download the JSON private key via "Google Cloud IAM & Admin". 

 

Save and Rename the generated private JSON file to "google-service-private-key.json" and upload it to your fw Server app's  "system" folder.

 

You need to use the optional farmerswife Server-side "server.cfg" (more info here) file and modify these 2 new variables:

GMAIL_OAUTH2_ENABLED 1
GMAIL_OAUTH2_IMPERSONATIONEMAIL example@farmerswife.com

In fw Server > Setup > General > 

Allow Mail: Yes

Outgoing Mail Server (SMTP): smtp.gmail.com

Sub-menu > Use TLS: Yes

Port: 587


Detailed setup info:


Step 1: Create a New Project 

Open a web browser and go to the Google Cloud Console: https://cloud.google.com/


At the top click on the "Select a resource" selector and and click on the "NEW PROJECT" button:

Give your Project a unique and recognizable name; e.g. "farmerswifeAllowMailGmailAPI" and click on "CREATE".:

Step 2: Create a Service Account

Go to the Google Cloud Console: https://console.cloud.google.com

Make sure you're inside the correct project where you want to create the service account.

=> New created: "bw-AllowMail-oAuth2”


In the navigation menu on the left, go to: IAM & Admin > Service Accounts.

Click the Create Service Account button.

=> screen shot


Give your Service Account a descriptive name, e.g. "farmerswife AllowMail GmailAPI Integration Service Account".

Click Create. 

Use the "CREATE AND CONTINUE" button.


Now on "Grant this service account access to project".

=> farmerswife AllowMail GmailAPI Integration Service Account


Step 2: Grant Permissions

Select the newly created service account from the list.

Click the Roles tab.

Click the Add button to assign roles.

In the search bar, type "Service Account User".

=> screen shot


Select the role "Service Account User". 

=> This grants basic permissions for the service account to act on your Google Cloud Project's resources.

Click the CONTINUE button. 

+ added "yourdomainname.com" on "Grant users access to this service account (optional)".


Step 3: Generate and Download JSON Private Key

Go to the Keys tab of your service account.

Click the Add key button and select Create new key.

Choose the key type as JSON.

Click Create.

A JSON file containing the private key will be downloaded. Save this file securely as it will be used to authenticate your application with Google Cloud.


Step 4: Grant Impersonation Access (Optional)

If you need the service account to impersonate a specific user for Gmail access, you'll need to perform this additional step.

Go to the IAM & Admin > IAM section.

In the search bar, type the email address of the user you want the service account to impersonate.

Click on the user's email address.

Click the Add another role button.

Search for the role "Roles/iam.serviceAccountUser".

Select the role and click the Save button.


Important info:

Keep the JSON private key confidential. Do not share it publicly or embed it directly in your code. Consider storing it securely using Google Cloud Secret Manager.


Enable the Gmail API in the Google Cloud Console for your project before using the service account for Gmail access. (https://www.youtube.com/watch?v=1EOV3AvJ2-s)


Refer to the official Google documentation for detailed instructions and code samples for using service accounts with the Gmail API: https://support.google.com/mail/answer/138350?hl=en


By following these steps, you'll have a Google Cloud Platform Service Account with the necessary permissions and private key for integrating with the Gmail API using impersonation and OAuth2 authentication. 

Remember to prioritize security by properly managing the service account credentials.






Did you find it helpful? Yes No

Related Articles