Gmail OAuth2 configuration

Complete

The following instructions can be used to configure a Mail Server that connects to Gmail using OAuth2.
These instructions apply to the Email Document Loader Job as well, although the ports will be different.

1. In Administration - Organisation, create or edit a Mail Server

Enter the following details:

Name	Gmail
Description	Account settings for Gmail
Host	smtp.gmail.com
Port	587
Timeout	120
Connection Security	STARTTLS
Authentication Method	OAuth2 - Gmail

2. Click Authorise

The first time this is done, a New OAuth2 Client Registration window will be displayed.
This prompts for the following details:

Client Id
Client Secret

These are obtained in the following steps. Note the Redirect URI.

3. Log in to https://console.cloud.google.com

Create a new project: https://console.cloud.google.com/projectcreate

Project name: OpenVPMS

Click CREATE

4. Enable the GMail API

i. Select API & Services from the Dashboard
ii. Select Enabled API & services

iii. Click ENABLE APIS AND SERVICES

iv. In the API Library, enter gmail api in the search field.
Select Gmail API from the results.

v. Click ENABLE

5. App Registration

i. Under the APIs & Services, click OAuth consent screen

ii. If you are part of an Organisation , select Internal, else select External.
iii. Click CREATE

iv. On the OAuth consent screen, enter:

App name: OpenVPMS
User support email: an email address for users to contact you with questions about their consent
Under Developer contact information, enter:
- Email addresses: support[at]openvpms[dot]com

v. Click SAVE AND CONTINUE

vi. On the Scopes screen, click ADD OR REMOVE SCOPES
vii. In the Updated selected scopes popup, under Manually add scopes, enter:
https://mail.google.com

and click ADD TO TABLE

viii. In the table, select:

https://mail.google.com
.../auth/userinfo.email
.../auth/userinfo.profile
openid

and click UPDATE

On completion, Your non-sensitive scopes should display:

.../auth/userinfo.email
.../auth/userinfo.profile
openid

while Your restricted scopes should display:

https://mail.google.com

Click SAVE AND CONTINUE

6. Test users

i. Click ADD USERS

ii. In the Add users popup, enter the email addresses of the users whose accounts will be access by OpenVPMS

iii. Click ADD

iv. Click SAVE AND CONTINUE

7. Credentials

i. Under APIs & Services, select Credentials
ii. Click CREATE CREDENTIALS
iii. Click OAuth client ID

iv. Under Create OAuth client ID, enter

Application type: Web application
Name: OpenVPMS
Authorized redirect URIs: enter the value displayed in the OAuth2 Client Registration e.g. http://localhost:8080/openvpms/oauth2/code/gmail

v. Click CREATE

A popup will display, containing the Client ID and Client Secret:

Gmail is now ready to accept authorisation.

8. Update OAuth2 Client Registration

Back in the OAuth2 Client Registration editor, enter the Client Id and Client Secret.

Click OK. This should automatically start the Authorise flow. A new browser will be displayed.

After logging in, follow the prompts, and select 'Read, compose, send and permantly delete all your mail from Gmail'

Click Continue.

9. Check Authorisation

In the Mail Server window, click Check Authorisation.

If successful, the Gmail account will appear in the Username field. Click OK.