Create service account credentials for gmail API

Question

I have read this , this (PHP but to get any help), this , this and then the deprecated related changes here and the reply to the last one that points to the github where the credentials process has been explained. But am having no success with getting the sample code here to work.

The steps that I have taken:

1. Was already working on a GCP cloud project which needs to send out this email, as a service account.
2. Had created an additional service account just to handle email API and authorized it by adding API access and domainwide delegation to the service account here .

The error "code 400, FAILED_PRECONDITION persisted.

3. Then I added the domainwide authorization to the main service account for the entire GP project, downloaded those credentials (using the.json file) and have had no luck

Two specific issues:

1. Where do I add the email address of the sender during credential creation - I think, in my limited knowledge, that the actual email (the GCP Project owner email) needs to be added somewhere. It is used during create message call, of course, but it needs to be added to the credential process as well.
2. Similarly, where do I add serviceAccountUserEmail - it was there in deprecated GoogleCredential, but not there in GoogleCredentials (the new class ends in 's').

The code is here:

public class Main {
    private static final String APPLICATION_NAME = "Gmail mail server";
    private static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();

    public static void main(String[] args) throws IOException, MessagingException {
        final GoogleCredentials creds = ServiceAccountCredentials.fromStream(new FileInputStream("resources/credentials.json"))
                .createScoped(GmailScopes.GMAIL_SEND, GmailScopes.GMAIL_COMPOSE, GmailScopes.GMAIL_MODIFY, GmailScopes.MAIL_GOOGLE_COM);
        HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(creds);
        HttpTransport transport = new NetHttpTransport.Builder().build();
        // Construct the gmail object.
        Gmail gm = new Gmail.Builder(transport, JSON_FACTORY, requestInitializer)
                .setApplicationName(APPLICATION_NAME)
                .build();

        //create the message
        String to = "<a real email id>";      //actual email address used, is masked for privacy
        String from = "<GCP Project Owner email ID>";         //actual email address that owns the GCP project
        String subject = "Test...";
        String bodytext = "\nHello ..  first test email ...";

        MimeMessage an_email = createEmail(to, from, subject, bodytext);
        Message ret_val = sendMessage(gm, "<actual email of GCP Project Owner, not string me", an_email);
    }
}

The rest of the code is an actual copy paste of what has been provided in the GCP Gmail API so am not reproducing it all over again.

All guidance is welcome. My proficiency in Java is average, so please help with a little more detailed guidance.

Thanks

Answer 1

To implement impersonation with GoogleCredentials use createDelegated(String user) :

final GoogleCredentials creds = ServiceAccountCredentials.fromStream(new FileInputStream("resources/credentials.json"))
     .createScoped(GmailScopes.GMAIL_SEND, GmailScopes.GMAIL_COMPOSE, GmailScopes.GMAIL_MODIFY, GmailScopes.MAIL_GOOGLE_COM);
final GoogleCredentials delegatedCreds = creds.createDelegated(userEmail);
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(delegatedCreds);
HttpTransport transport = new NetHttpTransport.Builder().build();
// Construct the gmail object.
Gmail gm = new Gmail.Builder(transport, JSON_FACTORY, requestInitializer)
      .setApplicationName(APPLICATION_NAME)
      .build();

• Thereby, the sender of the email will be the user impersonated by the service account userEmail .
• The owner of the GCP project / creator of the service account is not relevant and does not need to be specified, every Service Account User with the respective permisisons can use the service account for his domain.