2

I want to implement a backend server that can read (to perform some action) users gmail every time a new mail is received. I am able to figure out that using gmail API users.watch, my server can be notified every time a new email is received. Now, for fetching new mails from gmail my server needs User credentials (Auth token) that are provided by the user at the time of opting in to be watched. Is there anyway these credentials can be sent to my server along with the push notification (maybe using users.watch API).

One method I came across to achieve the same is to store auth and refresh token in a DB, that will be accessible only by my server. But it will be better if the purpose can be achieved without storing credentials in the DB.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Akshat Jain
  • 23
  • 2

1 Answers1

2

When the user authenticates your application you are given a refresh token assuming that you requested offline access. You should store this in a secure place associated with the user on your server.

When you get a push notification you should then retrieve the refresh token that you have stored on your server and use that to request a new access token that you can use to access the users data.

The push notification system has no way of sending you the authorization nor would it be a very wise idea if it was storing your authorization.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • 1
    Storing refresh token solves my problem but I am interested in exploring some way by which I don't have to store refresh token of every user. For that I came across google service accounts but was not able to fully understand how can it be used. Do you know if google service account can be used to achieve the purpose here or not? – Akshat Jain Mar 06 '20 at 05:51