We've got a Google Apps for Education domain, and until recently we were happily using gmail_xoauth and IMAP to get other users' unread email counts to display on their portal front page.
We've been using Nicolas' excellent gmail_xoauth gem found here.
http://ift.tt/1PnpBdd
And our code looked like this.
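    require 'gmail_xoauth'

    # verify = true so the server certificate is checked before credentials are sent
    imap = Net::IMAP.new('imap.gmail.com', 993, usessl = true, certs = nil, verify = true)
    # Two-legged XOAUTH (OAuth 1.0) with the domain-wide consumer key and secret
    imap.authenticate('XOAUTH', @email,
      :two_legged => true,
      :consumer_key => consumer_key,
      :consumer_secret => consumer_secret()
    )
    # Number of unread messages in the user's INBOX
    @messages_count = imap.status('INBOX', ['UNSEEN'])['UNSEEN']
    imap.disconnect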
Notice how we're using the consumer_key and the consumer_secret that we got from our Google Apps admin in the "Manage OAuth key and secret for this domain" section.
Now we need to upgrade to OAuth2. gmail_xoauth does support XOAUTH2, and I followed this procedure to test that.
1. Create a project in my Google developer console, using the installed app option. I'm signed into Google as a domain admin for our Google Apps domain.
2. Using this page, http://ift.tt/1kOBnzP, send off the client_id and client_secret to obtain an access token. During that process I give the application authority to access my email via a consent screen.
3. Stick that access_token into this code:
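    require 'gmail_xoauth'

    @access_token = "access_token"
    @email = "my email address"
    # verify = true so the server certificate is checked before the token is sent
    imap = Net::IMAP.new('imap.gmail.com', 993, usessl = true, certs = nil, verify = true)
    # XOAUTH2: authenticate with the OAuth2 access token as a bearer credential
    imap.authenticate('XOAUTH2', @email, @access_token)
    @messages_count = imap.status('INBOX', ['UNSEEN'])['UNSEEN']
    imap.disconnect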
That works, happy days!!
The problem I now have is: how do I tell my Google Apps domain to allow that project to access other users' email data, without asking them if they want to allow it?
I tried this approach
1. Sign into Google Domain Admin Console as an admin
2. Click on Security
3. Click Show More
4. Click Advanced
5. Click Manage API Client Access
6. Enter the Client ID of the project created
7. Enter the Scope for IMAP access, http://ift.tt/nP7iLr
Once that was done, I still kept getting Invalid Credentials errors when trying to count the number of messages in other users' mailboxes, as denoted by their email address.
I'm pretty sure I've misread some docs somewhere, and I'm doing something stupid, but I can't seem to work out what it is.
I'm thinking that maybe adding the project like that to the Google Apps domain isn't the correct way of authorising an application to access other users' data in the domain. I've seen service accounts mentioned, and migrating to OAuth2, and various other possible solutions, but can't get any of them to work.
What I'd really like to know is what is the suggested approach that definitely works, and then I'll concentrate on that.
If anyone has any advice, tips, links, anything at all, I'd be eternally grateful.
Matt
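
Added example, not part of the original post or of the gmail_xoauth gem: it builds and parses the SASL XOAUTH2 string that an `authenticate('XOAUTH2', email, token)` call sends, following the format in Google's XOAUTH2 protocol documentation, and decodes the base64 JSON challenge the server returns when authentication fails. The addresses, token, sample challenge and the `mailbox_matches_token_owner?` helper are constructed for illustration; the helper reflects that a token granted through a consent screen covers only the account that consented.

```ruby
require 'json'

# SASL XOAUTH2 initial client response (base64 of):
#   "user=" + email + "\x01auth=Bearer " + access_token + "\x01\x01"
def xoauth2_initial_response(email, access_token)
  if [email, access_token].any? { |s| s.match?(/[\x00-\x1f]/) }
    raise ArgumentError, 'control character in email or token'
  end
  ["user=#{email}\x01auth=Bearer #{access_token}\x01\x01"].pack('m0')
end

# Split an encoded response back into the mailbox name and bearer token.
def parse_xoauth2_response(encoded)
  raw = encoded.unpack1('m0').force_encoding('UTF-8')
  raise ArgumentError, 'missing ^A^A terminator' unless raw.end_with?("\x01\x01")
  fields = raw.chomp("\x01\x01").split("\x01").map { |kv| kv.split('=', 2) }.to_h
  auth = fields.fetch('auth')
  raise ArgumentError, 'not a Bearer credential' unless auth.start_with?('Bearer ')
  { user: fields.fetch('user'), token: auth.delete_prefix('Bearer ') }
end

# On failure the server answers with a base64-encoded JSON challenge.
def decode_error_challenge(encoded)
  JSON.parse(encoded.unpack1('m0').force_encoding('UTF-8'))
end

# Hypothetical helper: does the mailbox named in the response belong to the
# account that granted the token? (token_owner is supplied by the caller.)
def mailbox_matches_token_owner?(encoded, token_owner)
  parse_xoauth2_response(encoded)[:user].casecmp?(token_owner)
end

# Constructed sample values, not real credentials or server output.
ADMIN = 'admin@example.edu'
OTHER = 'student@example.edu'
TOKEN = 'ya29.constructed-token'
SAMPLE_CHALLENGE =
  ['{"status":"401","schemes":"bearer","scope":"https://mail.google.com/"}'].pack('m0')

if __FILE__ == $PROGRAM_NAME
  resp = xoauth2_initial_response(OTHER, TOKEN)
  puts "mailbox requested: #{parse_xoauth2_response(resp)[:user]}"
  puts "matches token owner: #{mailbox_matches_token_owner?(resp, ADMIN)}"
  puts "server challenge: #{decode_error_challenge(SAMPLE_CHALLENGE)}"
end
```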