Email Authorization with OAuth2 Flow
Setup
-
First, you need to register an app which will act on behalf of your account. With Google (GMail), just go to Cloud Credentials and click "+ CREATE CREDENTIALS" -> "OAuth client ID". (you have to configure the Consent Screen beforehand)
- During the configuration don't forget to add the
https://mail.google.com/
GMail API scope. (so you give the app full permissions on your mailbox) - If you can't find the scope, enable Gmail API for being able to use the e-mail scope (app permission) from above.
- During the configuration don't forget to add the
-
Create a secret called
email_oauth
in Control Room's Vault with the following entries (and make sure to connect VSCode to the online secrets vault):username
: Your e-mail addressclient_id
: Your app client ID (obtained at step 1.)client_secret
: Your app client secret (obtained at step 1.)refresh_token
: You can leave it blank since this will be overridden by the robot
Using the local vault
If you don't want to use the online cloud Vault:
- Make a copy of the vault.yaml in a safe place and update the keys as already instructed at the online Vault step.
- Change the
RPA_SECRET_FILE
env var path in the local-vault-env.json in order to make it point to your secrets .yaml file above. (rename the file to env.json if you want it picked up automatically by VSCode)
Robot run
Run in VSCode or rcc the following tasks in order:
Init OAuth Flow
: Opens a browser window for you to authenticate and finally getting the authorization code which has to be placed in the dialog asking for it. (now you should see your brand newrefresh_token
updated and set in the Vault; keep it private as this it's like a password which grants access into your e-mail)Send Email By Token
: Sends a test e-mail to yourself given the credentials configured in Vault. This step can be fully automated, as once therefresh_token
is set, it remains available until you revoke it.
Remarks
-
This example currently works for GMail only but can be easily adapted to work with other providers as well.
- With Google, the access token (OAuth2 string as e-mail
password
) remains valid for 1h, after that you have to get a new one by calling again theGenerate Oauth2 String
keyword.
- With Google, the access token (OAuth2 string as e-mail
- Learn more about OAuth2.
- You can bypass the flow (less secure way) by using an App Password. (can be used if 2-Step-Verification is turned ON)