Gmail OAuth2 configuration
Submitted by tanderson on Mon, 03/04/2023 - 16:34
The following instructions can be used to configure a Mail Server that connects to Gmail using OAuth2.
These instructions apply to the Email Document Loader Job as well, although the ports will be different.
1. In Administration - Organisation, create or edit a Mail Server
Enter the following details:
Name | Gmail |
Description | Account settings for Gmail |
Host | smtp.gmail.com |
Port | 587 |
Timeout | 120 |
Connection Security | STARTTLS |
Authentication Method | OAuth2 - Gmail |
2. Click Authorise
The first time this is done, a New OAuth2 Client Registration window will be displayed.
This prompts for the following details:
- Client Id
- Client Secret
These are obtained in the following steps. Note the Redirect URI.
3. Log in to https://console.cloud.google.com
Create a new project: https://console.cloud.google.com/projectcreate
Project name: OpenVPMS
Click CREATE
4. Enable the Gmail API
i. Select APIs & Services from the Dashboard
ii. Select Enabled APIs & services
iii. Click ENABLE APIS AND SERVICES
iv. In the API Library, enter gmail api in the search field.
Select Gmail API from the results.
v. Click ENABLE
5. App Registration
i. Under APIs & Services, click OAuth consent screen
ii. If you are part of an Organisation, select Internal, else select External.
iii. Click CREATE
iv. On the OAuth consent screen, enter:
- App name: OpenVPMS
- User support email: an email address for users to contact you with questions about their consent
- Under Developer contact information, enter:
- Email addresses: support[at]openvpms[dot]com
v. Click SAVE AND CONTINUE
vi. On the Scopes screen, click ADD OR REMOVE SCOPES
vii. In the Updated selected scopes popup, under Manually add scopes, enter:
https://mail.google.com
and click ADD TO TABLE
viii. In the table, select:
- https://mail.google.com
- .../auth/userinfo.email
- .../auth/userinfo.profile
- openid
and click UPDATE
On completion, Your non-sensitive scopes should display:
- .../auth/userinfo.email
- .../auth/userinfo.profile
- openid
while Your restricted scopes should display:
Click SAVE AND CONTINUE
6. Test users
i. Click ADD USERS
ii. In the Add users popup, enter the email addresses of the users whose accounts will be accessed by OpenVPMS
iii. Click ADD
iv. Click SAVE AND CONTINUE
7. Credentials
i. Under APIs & Services, select Credentials
ii. Click CREATE CREDENTIALS
iii. Click OAuth client ID
iv. Under Create OAuth client ID, enter:
- Application type: Web application
- Name: OpenVPMS
- Authorized redirect URIs: enter the value displayed in the OAuth2 Client Registration e.g. http://localhost:8080/openvpms/oauth2/code/gmail
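The redirect URI entered here must be the same string that the OAuth2 Client Registration window displays, and outside localhost it should use https. The following check is an added example, not part of OpenVPMS or the original instructions. The function name `check_redirect_uri` and the host `vpms.example.com` are assumptions, and the rules encoded are Google's published redirect URI rules (exact match, https except for localhost, no fragment, wildcard or userinfo).

```python
from __future__ import annotations
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def check_redirect_uri(displayed: str, registered: str) -> list[str]:
    """Compare the Redirect URI shown by OpenVPMS with the value entered under
    'Authorized redirect URIs'. Returns a list of problems (empty = consistent)."""
    problems = []
    d, r = urlsplit(displayed), urlsplit(registered)
    if displayed != registered:  # Google matches the redirect URI exactly
        if displayed.rstrip("/") == registered.rstrip("/"):
            problems.append("trailing slash differs")
        elif d.scheme != r.scheme:
            problems.append(f"scheme differs: displayed {d.scheme}, registered {r.scheme}")
        elif d.netloc != r.netloc:
            problems.append(f"host or port differs: {d.netloc} vs {r.netloc}")
        elif d.path != r.path:
            problems.append("path differs (comparison is case-sensitive)")
        else:
            problems.append("query string or other component differs")
    if r.scheme == "http" and r.hostname not in LOOPBACK:
        problems.append("plain http on a non-loopback host exposes the authorization code in transit")
    elif r.scheme not in ("http", "https"):
        problems.append("scheme must be https (http only for localhost)")
    if r.fragment:
        problems.append("fragment is not allowed")
    if "*" in registered:
        problems.append("wildcards are not allowed")
    if r.username or r.password:
        problems.append("userinfo (user:password@) is not allowed")
    return problems

if __name__ == "__main__":
    page_uri = "http://localhost:8080/openvpms/oauth2/code/gmail"  # example from the page
    prod = "https://vpms.example.com/openvpms/oauth2/code/gmail"   # constructed host
    for shown, entered in [(page_uri, page_uri), (page_uri, page_uri + "/"),
                           (prod, prod.replace("https", "http", 1)),
                           (prod, prod.replace("openvpms", "OpenVPMS"))]:
        print(entered, "->", check_redirect_uri(shown, entered) or "OK")
```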