0

I have setup no-reply@domain.com as an email group in my Gsuite Admin Panel. Now I want to send an email using that email address in node js for which I am using nodemailer. To achieve that I created service account in Google Cloud and add no-reply@domain.com group as an owner. Problem is when I am using those generated credentials in my node app it throws me an error unauthorized_client .

I have added client_id and required GMAIL scope in API permission in Gsuite. Only user accounts are working with service accounts and not group email.

Here is my sample nodemailer code

const smtpTransport = nodemailer.createTransport({
    host: 'smtp.gmail.com',
    port: 465,
    secure: true,
    auth: {
         type: "OAuth2",
         user: "no-reply@domain.com", 
         serviceClient: "109120716xxxxxxxxxxxxxx",
         privateKey: "",
    }
});

I am following this tutorial to achieve this https://medium.com/@imre_7961/nodemailer-with-g-suite-oauth2-4c86049f778a

mohammad obaid
  • 415
  • 4
  • 16
  • You have failed to set up G Suite Domain Wide Delegation correctly. Edit your question with details on how you set up delegation. I do not recommend the method in that article because those credentials have too much power. They have admin rights to your entire G Suite account. Instead, create a user login and use `username/password` or `username/token` to send emails. – John Hanley Aug 31 '20 at 18:49
  • @JohnHanley you mean I should have seperate email account for `no-reply@domain.com` instead of group emails ? – mohammad obaid Sep 01 '20 at 08:19
  • Yes, you should use/create a G Suite email account. Then use those credentials to send emails. You are trying to use impersonation in your question. I am not sure what you mean by 'no-reply@domain.com`. Typically that is a non-existant email address. That has nothing to do with Domain Wide Delegation (account impersonation). However, I just realized that you are trying to impersonate `no-reply@domain.com`. Does that account exist? If not, you cannot impersonate an account that does not exist. – John Hanley Sep 01 '20 at 08:33
  • Make sure that you understand what you are doing with a 'no-reply' address. Understand that the identity used to authenticate with G Suite is not the same as the Reply-To email address. They can be the same or different. You must handle bounces, rejects, complaints, etc if you do not want to get "blocked/black-listed". https://help.returnpath.com/hc/en-us/articles/220568427-What-is-a-Reply-To-address https://glockapps.com/blog/bounce-email-handling/ – John Hanley Sep 01 '20 at 08:59

1 Answers1

0

You need to make sure the below things :

-Set up the API keys -make sure you enable the Gmail API for your client ID. You can follow this doc and search for “Gmail API” in “Google API Manager”.

  • Make sure your client has “https://mail.google.com/” scope set for Gmail SMTP when requesting permissions for an user.

Here is a similar Stackoverflow thread that you can see for your reference.

shamma
  • 151
  • 9