Creating Gmail client id and secret
Author: Michael J. Leaver, 2BrightSparks Pte. Ltd.
Although you can use application passwords with Gmail (to email logs or backup your email) you may want to instead use the more secure OAuth method. To do this you must first create a unique client ID and client password. Think of these as usernames and passwords, so instead of entering your real username and password into an application (like SyncBack) you can instead use the client ID and client password.
This process is the same as creating a client ID and password for GDrive, with the only difference being the scopes that are used. Scopes define what can be done by the application that uses the client ID and password. SyncBack requires four scopes:
- .../auth/userinfo.email (a non-sensitive scope, required to see your primary Google Account email address)
- .../auth/userinfo.profile (a non-sensitive scope, required to see your personal info, including any personal info you've made publicly available)
- .../auth/gmail.send (a sensitive scope, required to send email on your behalf)
- https://mail.google.com/ (a restricted scope, required to read, compose, send, and permanently delete all your email from Gmail)
Creating a Project
First, we must create a project:
- Go to the Google Developers Console: https://console.cloud.google.com/
- Click the Select a project drop-down menu on the left side of the page. A pop-up window appears on the screen.
- Click NEW PROJECT on the top-right of the pop-up window.
- Enter a Project name, e.g. SyncBack Gmail, then click the CREATE button.
- It may take a while for the project to be created. Once the project is created, select it from the menu at the top.
Scopes
Now we have a project we must define what it can access:
- Click the burger menu on the top-left of the window and select Enabled APIs & services.
- Click + ENABLE APIS AND SERVICES at the top of the window.
- Enter gmail into the search box and press Enter
- Click the Gmail API box...
- ...then click the ENABLE button. It may take a few moments to enable it.
- Once enabled, click OAuth consent screen on the left of the window.
- Select the User Type as External. Click the CREATE button.
- Enter an app name, e.g. SyncBack Gmail, and use your own Gmail email address for the user support email.
- Scroll down and use your own Gmail email address for the developer contact. Next, click SAVE AND CONTINUE.
- Click the ADD OR REMOVE SCOPES button. A new window appears on the right side of the screen.
- You may need to scroll down to the Manually add scopes section.
- Add https://mail.google.com under the Manually add scopes section. Click the ADD TO TABLE button.
- The newly added entry is displayed on the Filter table (you may need to scroll up).
- In the Filter table, tick the userinfo.email and userinfo.profile checkboxes.
- In the Enter property name or value edit box, enter gmail.send and press Enter.
- Tick the Gmail API checkbox then click the UPDATE button at the bottom.
- You should see four scopes listed: userinfo.email and userinfo.profile in Your non-sensitive scopes, Gmail API in Your sensitive scopes, and https://mail.google.com in Your restricted scopes. It is critically important those four scopes are there. If not, repeat the steps above.
- It all four are listed, click the SAVE AND CONTINUE button at the bottom of the window.
Users
Now we need to define which users can use this project. If you don't add the Gmail email addresses you want to use then this will not work:
- Click + ADD USERS and enter your email address (the email address you will use in SyncBack to either email logs or backup your emails). You can add multiple email addresses. Click ADD once you've added all the email addresses.
- Click SAVE AND CONTINUE.
- A summary is shown. Scroll down and click the BACK TO DASHBOARD button.
Credentials
We are now ready to create the client ID and client secret that will be used in SyncBack:
- Click Credentials on the left of the window.
- Click + CREATE CREDENTIALS and select OAuth client ID from the pop-up menu.
- For the Application type select Desktop app
- Enter a name, e.g. SyncBack Gmail, then click CREATE.
- Once created (it may take a few moments) a pop-up window appears on the screen displaying the Client ID and Client secret code. You need to securely store the Client ID and Client Secret as these are used in SyncBack to access Gmail. Click DOWNLOAD JSON to store them in a file (which can be used by SyncBack). Once you've done that, click OK to close the pop-up window.
Publish
Finally, we can make the project available to use by SyncBack:
- Click the OAuth consent screen link on the left.
- Click the PUBLISH APP button.
- A pop-up window appears (Push to production?). Click CONFIRM.
- Congratulations! You can now use the client ID and client secret in SyncBack to email logs or to backup your email. IMPORTANT: DO NOT CLICK PREPARE FOR VALIDATION!
Using ID and Secret
When you enter the client ID and secret into SyncBack, and have to authorize it for use, you need to approve it:
- First, you will receive a warning about the app not being verified. Click Advanced:
- Next, click the Go to SyncBack Gmail (unsafe) link - note that the exact text depends on what you named your project:
- Next, click the Continue button:
- Click the Select all checkbox at the top, then click Continue:
- You will now get a confirmation message. Return to SyncBack and it will also confirm that SyncBack is authorized: