The question is specific to gmail business/ educational accounts. In order to read emails from a gmail account i have written a dll in c++ which executes IMAP commands and then parses their responses. With the current IMAP implementation i need to login to each users mailbox with his username and password information. So i was wondering if there is any option in gmail business with which i can login to multiple users in a domain with single admin users credentials and without to need to get password from each indivdual user in the domain?
You could create a Service Account in the Google Developers Console and give it access to the Email scope for the domain. Whenever you want to access a mailbox, you'd obtain an access token (which can be cached for up to an hour) and then use it with the XOAUTH2 SASL for authentication.
https://developers.google.com/gmail/xoauth2_protocol
Related
I am building a service where I need to fetch certain messages from different users' Gmail inboxes. I have searched for a way to do this, only to keep stumbling on google OAuth flow. Is there a way I can authenticate with Gmail API, without the OAuth flow, and access different users inbox and fetch the messages? Because I won't be needing a GUI as this service will run on a server.
The first thing you need to understand is the diffrence between private and public data. Public data is data that is data that you can access without permisison. For example public videos uploaded to YouTube. Google holiday calendars on Google calendar.
private data is data that is owned by a user, to access that data you need the permission of a user with access.
To access some ones personal Gmail email account you need their permission the only way to get that permission is to use Oauth2. YOu will need to use oauth2 to request consent of the user once the user has consented if you also requested offline access you will get a refresh token. The refresh token can then be used by your backend system to request a new access token when ever it needs to. This access token can then be used to access the Gmail api.
As you have stated these are standard gmail accounts you want to access. There is no other option. A user must grant you access to their data.
I'm curious if it's possible to gain access to the Gmail settings of all users within a domain once a user with Admin access authenticates. I know using the Admin SDK, you have access to user settings, however, I'd like to setup email forwarding and it doesn't seem like it's possible without each user authenticating.
You may refer with this SO thread. Before you can call the Gmail API you need to use the service account "JWT flow" in your code to retrieve an OAuth2 credential for the Gmail user you want to access. Here is the documentation. You may also check this related post.
I am using outlook mail api, and trying to get emails from a shared mailbox.
Currently the mails of the user mailbox are fetched. I cant find a way to keep the same user but different mailbox.
No, it isn't (at least not currently). When you use the Authorization Code Grant flow to log in a user, the user consents only to allow the app to access their information. That consent doesn't include other folks information that they've shared with that user.
If you change your application to use the Client Credentials flow, then an administrator can grant the application access to all mailboxes in their organization. That's not quite the same scenario, but if your app needs to access multiple mailboxes, it might be a better solution for you.
Being authenticated as user1, i'd like to retrieve mails of all the users who have delegated access to user1.
So i have two problems :
Retrieve all the accounts that have delegated access
Retrieve the mails
The emails-settings-API gives acccess to delegates, not delegators.
Is there a way to do that progamatically.
Feel free to ask for more information
To find out who has given you delegated access to their account, you would need to perform the retrieve delegates API call:
https://developers.google.com/google-apps/email-settings/#retrieving_all_gmail_delegates
for all users in your Google Apps instance.
Programmatic access to a user's gmail mailbox is provided by IMAP OAuth logins:
https://developers.google.com/google-apps/gmail/oauth_overview
However, there is currently no way for a delegate to access a delegators mailbox via IMAP so I'm afraid you're out of luck.
If you are an administrator, you can use IMAP OAuth login along with service accounts:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
this will give you programmatic access to all users in your Google Apps instance.
Jay
I have an existing application that has standard user accounts, and we've just finished integrating Facebook login as an option. It works quite well, but if someone tries to login using Facebook for an email address that already exists as a user of the system, I'd like to associate them with the existing user account.
Before I go ahead and do that, though, is it safe to just do it, without requiring that the user login first? If Facebook says a user has a certain email address, how confident can I be that it's not fake?
I could, if required, set it so that the user needs to login to my app, then associate the Facebook account manually, but I'd prefer to keep it as simple as possible for them, without adding all kinds of steps.
Thoughts?
I think the best option would be having the user login into their account on your site before associating the Facebook account.
Assume a condition that a user on your site does not have a Facebook account associated with the email address they use to identify themselves on your site. A malicious user creates one using their email address, goes to your site to associate accounts, and takes over the original users account.
I believe Facebook does not require email address authentication to use the account.