I am a google workspace administrator, and we use gmail for our domain. I have a server-side application that sends out email as a specific gmail user, say “[email protected]”. This application uses username and password as the required credentials for sending mail through gmail.

However, gmail is phasing out support for sending email via user name and password, and is replacing that with OAuth2 authentication.

Note that my use case does not require the user of my application to send email as him/herself. My emails are to be sent from my server as the specific workspace user “[email protected]”. So no user interaction would take place for authentication in sending emails.

In the gmail documentation https://developers.google.com/gmail/api/guides/sending, there is a sample program, gmail/snippets/src/main/java/SendMessage.java, which I believe is the template for sending email from a server-side program through gmail via OAuth.

Am I correct in assuming that this sample program is the template I should use for my use case?

If so, I am not sure how to set up and make available the required OAuth credentials to my program. Below is my incomplete understanding of the process. I would appreciate advice on completing my understanding of this process.

Step 1. Create a project. The link https://developers.google.com/identity given in the sample program leads to the following page which shows how to use the Google API Console to create a project.

https://developers.google.com/identity/protocols/oauth2/production-readiness/policy-compliance

Step 2. Create credentials and download them as the file: client_secret.json. The instructions at: https://developers.google.com/identity/protocols/oauth2/web-server show how to create OAuth credentials for the project.

Question 1. This step requires that a redirect URI to be provided. However, in my use case, the user is not involved in the authentication process. So no redirection need take place. Is the redirect URI still necessary but will not be used in my use case?

Step 3. Use the OAuth credentials in the sample program.

The first statement of the sendEmail program gets the credentials:

GoogleCredentials credentials = GoogleCredentials.getApplicationDefault()
.createScoped(GmailScopes.GMAIL_SEND);

The documentation for getApplicationDefault states that this call can get the credentials from a file specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS.

Question 2: Is the credentials file referred to by this environment variable the same as the client_secret.json produced in the credentials creation step above? If not, what should it contain?

Many thanks.

Azad