Skip to Content (Press Enter)
CommunityForgeAssets listGmailExplorer
Login to follow
GmailExplorer

GmailExplorer (ODC)

Stable version 0.1.0 (Compatible with ODC)
Uploaded on 25 Feb (4 weeks ago) by joao ferreira
GmailExplorer

GmailExplorer (ODC)

Documentation
0.1.0

Connecting to Gmail using 3-Legged OAuth 2.0

This process allows our application to securely connect to your Gmail account so we can read, send, or organize emails on your behalf without ever seeing your password.

Phase 1: Google Cloud Console Setup

  1. Create a Project
    • Go to the Google Cloud Console.
    • Click the project dropdown (top left) > New Project.
    • Name it and click Create.
  2. Enable the Gmail API
    • In the left sidebar, go to APIs & Services > Library.
    • Search for "Gmail API", click on it, and select Enable.
  3. Configure the OAuth Consent Screen
    • Go to APIs & Services > OAuth consent screen.
    • User Type: Select External (for any Google user) or Internal (for Workspace users only).
    • Fill in the App Information (Name, Support Email, etc.).
    • Scopes: Add the permissions needed (e.g., https://mail.google.com/).
    • Test Users (External only): Add your own email address for testing.
  4. Create Credentials
    • Go to APIs & Services > Credentials.
    • Click Create Credentials > OAuth client ID.
    • Select Web application.
    • Add your Authorized redirect URIs (e.g., https:// [YOUR_ODC_TENANT] /GmailExplorer/LandingScreen).
    • Click Create and securely save your Client ID and Client Secret.

Phase 2: The 3-Legged OAuth FlowLeg 1: Redirect User to Google

The app constructs a URL and redirects you to Google's authorization server.

  • Endpoint: https://accounts.google.com/o/oauth2/v2/auth
  • Key Parameters: client_id, redirect_uri, response_type=code, access_type=offline, and prompt=consent.

Leg 2: Handle the Callback

After you consent, Google redirects you back to the app with a temporary code.

https:// [YOUR_ODC_TENANT] GmailExplorer/LandingScreen?code=4/0Afge...&scope=...

Leg 3: Exchange Code for Tokens

The server securely exchanges that temporary code for usable tokens.

  • Endpoint: https://oauth2.googleapis.com/token
  • Tokens Received: An Access Token (valid for ~1 hour) and a Refresh Token (used to get new access tokens without requiring you to log in again).

Phase 3: Making API Requests

The app can now use the Access Token to securely call the Gmail API.

GET https://gmail.googleapis.com/gmail/v1/users/me/messages
Authorization: Bearer [YOUR_ACCESS_TOKEN]