Configuring the Google App for Gmail OAuth 2.0

Configuration in the Google Cloud Console

1. Navigate to the Google Cloud Platform Console.
2. From the projects list, create a new project.
3. From the new project, enable the Gmail API.
   1. Open the navigation menu .
   2. Select APIs & Services and Enabled APIs & services.
   3. Click Enable APIs and services.
   4. Search for "Gmail API," then click Gmail API and Enable.
4. Configure the OAuth Consent Screen
   1. Open the navigation menu .
   2. Select APIs & Services and OAuth consent screen.
1. Under App Information, specify App name and User support email. Click Next.
2. Under Audience, check External, and click Next.
3. Under Contact Information, specify an Email address, and click Next.
4. Under Finish, check I Agree to the Google API Services: User Data Policy.
5. Click Create.
5. Navigate to the Audience tab, and click PUBLISH APP to change the app setting to In production.
6. Navigate to the Clients tab.
1. Click Create client and select Web application for Application type.
• Name: Specify a name for the client.
• Authorized JavaScript origins: Specify the origin of Import Agent web service. To find the JavaScript origin in the Import Agent:
  1. Open the Import Agent Profile Manager.
  2. Navigate to the Profile menu.
  3. Open the Options dialog box, and select the Email Server tab.
  4. Select Gmail OAuth 2.0 as the Authentication type, and refer to the JavaScript origin section.
2. Click Create.
3. After creating the credential, copy and save the following values:
• Client ID will be used as the Application (client) ID in Import Agent.
• Client secret will be used as the Client secret in Import Agent.

Troubleshooting

The message "Google hasn’t verified this app" occurs during authorization.

Solution:

1. Click Advanced.
2. Click Go to <app name> consent screen (unsafe).

Note: This warning appears because the Google app is not verified. Verification is not required if only system administrators configure the email settings.

Error 400: redirect_uri_mismatch

Cause: The authorized JavaScript origin configured in Google Cloud Console does not match the JavaScript origin configured in Import Agent.

Solution: Verify that the Authorized JavaScript origins in Google Cloud Console exactly match the JavaScript origin shown in the Import Agent Profile Manager. (See step 6a above to locate the JavaScxript origin.)

Error: "HttpStatusCode is Forbidden. Delegation denied for xxx@gmail.com" occurs when testing.

Cause: The Sender address does not match the email account used during authorization.

Solution: Ensure that the Sender address in Import Agent matches the email address used to authorize the Google app. To check the Sender address:

1. Open the Import Agent Profile Manager.
2. From the Profile menu, select Options.
3. On the Email Server tab , select Gmail OAuth 2.0 for the Authentication type.
4. Locate the Sender address section.

References

• OAuth 2.0 Mechanism | Gmail | Google for Developers
• Setting up OAuth 2.0 - Google Cloud Platform Console Help
• https://developers.google.com/workspace/guides/configure-oauth-consent
• https://developers.google.com/workspace/guides/create-credentials