2

I have a Python code that was using SendGrid API to send emails, but now I want to migrate to Google in order to send business emails. It also runs in Docker containers.

I followed Gmail Python Quickstart in order to use Gmail API in my Python code and the problem is that when trying to send email, it shows an authorization link in Docker logs in order to get token, etc.

Is there a way to complete authorization in the background without any further interaction or use an API key just like SendGrid to programmatically authenticate your application?

I am a service provider and want to send emails such as reset password links, confirmation code, etc. automatically; the code is deployed on a Linux host. I have access to workspace account, and I already have verified my domain.

Improve this question
0

1 Answer 1

Reset to default
2

The tutorial you are following is designed for an installed application. Hence the InstalledAppFlow.

It states it at the top of the file.

Authorization credentials for a desktop application. To learn how to create credentials for a desktop application, refer to Create credentials.

This means when your code runs it is going to pop up the consent screen on the machine the code is running on, in this instance Docker.

flow = InstalledAppFlow.from_client_secrets_file(
            'credentials.json', SCOPES)

You need to create it using a web application so that your users can consent to your application accessing their data and their Gmail account.

Automated send emails service account option.

You were not clear as who you are sending emails for. As you are using send grid, it implies to me this is some kind of automated system. Which would mean that you are trying to send emails on behalf of a Gmail account that you control.

In that case you would most often want to use a service account. Service accounts allow for server-to-server interaction between Google APIs. However, service accounts will only work with Gmail if this is a Google workspace Gmail account and you can set up domain-wide delegation.

There is an example in the documentation. Just change it to Gmail scopes. The key point is the create_delegated which must be a user on your domain.

from googleapiclient.discovery import build
from oauth2client.service_account import ServiceAccountCredentials

# Email of the Service Account
SERVICE_ACCOUNT_EMAIL = '<some-id>@developer.gserviceaccount.com'

# Path to the Service Account's Private Key file
SERVICE_ACCOUNT_PKCS12_FILE_PATH = '/path/to/<public_key_fingerprint>-privatekey.p12'

def create_directory_service(user_email):
    """Build and returns an Admin SDK Directory service object authorized with the service accounts
    that act on behalf of the given user.

    Arguments:
      user_email: The email of the user. Needs permissions to access the Admin APIs.
    Returns:
      Admin SDK directory service object.
    """

    credentials = ServiceAccountCredentials.from_p12_keyfile(
        SERVICE_ACCOUNT_EMAIL,
        SERVICE_ACCOUNT_PKCS12_FILE_PATH,
        'notasecret',
        scopes=['https://www.googleapis.com/auth/admin.directory.user'])

    credentials = credentials.create_delegated(user_email)

    return build('admin', 'directory_v1', credentials=credentials)

Standard Gmail solution

You can run your application once, and then when you place it in the Docker container, make sure that you include the token.json file that was created this is the file that contains the credentials that grant the application access to your account.

If you open it you will find an access token and a refresh token within. The refresh token will give your application the ability to request a new access token whenever it needs one.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank for the explanation. I am a service provider and want to send emails such as reset password links, confirmation code etc and code is deployed on a Linux host. Indeed I am in trial phase of my workspace account and already verified my domain.
If you can use workspace then this will be a lot easer for you. I have a tutorial on how it works but its using C# you can scan though it. Gmail api with google workspace and .net I added a python example from the docs.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.