How to send service emails via Gmail (machine-2-machine) with secure restrictions?

How to send service emails

  • from my backend with smtp.google.com or Gmail API while making sure
  • the secret stored on the backend server can only be used to send emails from a specific sender?

Goal

  • send user account activation emails from my backend
  • use smtp.google.com or Gmail API (i.e. no own SMTP server)
  • authenticate with OAuth2.0 (i.e. don't enable "less secure apps")

Current state

  • implemented the email sending part
  • for testing, I created a noreply@**.** Google Suite account
  • for testing, I generated an accessToken via OAuth2 Playground
  • using the accessToken I can send emails via smtp.google.com

Problem

  • Google suggests using a service account for this
  • But to send emails from [email protected] I have to enable Domain-wide Delegation
  • Domain-wide delegation allows impersonating every domain account
  • the secret stored on the backend should only allow sending mails from no-reply@**.**

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow