We need to develop an in-house Gmail extension to process incoming emails and allow recipients to interact with our in-house software. I have been trying to figure out how to use OAuth 2.0 in a Gmail Contextual Gadget, but I can't find any specific documentation for this. I couldn't find anything useful when I searched Stack Overflow with contextual + google-oauth (keyword recommended by Google).
Before you give me standard pages, please make sure it has this:
- Minimally, an example of Gmail contextual gadget manifest.xml that uses OAuth 2.0
- Ideally, with explanation of how to deploy it at a domain (not marketplace), so I know it actually was deployed & tested.
For example, the standard hello example in Contextual Gadgets page uses OpenID ("openIdRealm"), and was written before OAuth 2.0:
https://developers.google.com/gmail/contextual_gadgets
OpenID is NOT allowed in OAuth 2.0:
https://developers.google.com/apps-marketplace/practices#3_use_oauth20
"Your application must not use OpenID or OAuth1.0. Any evidence of such usage will result in your application failing the review process."
Note that Contextual Gadgets are client-side JavaScript apps, very different from web server apps and installed apps. So OAuth 2.0 should be used like this:
https://developers.google.com/accounts/docs/OAuth2#clientside
https://developers.google.com/accounts/docs/OAuth2UserAgent
But contextual gadgets run in a container, which handles the first call of OAuth (the Google call, which calls back our website with tokens ...). Living on the client side, contextual gadgets "cannot keep secrets". Our website (redirect page, https://example.com/oauth2callback) needs to save the access token (and maybe the refresh token) to the session that is accessible to our gadget code on the client side.
I would ideally not use SSO, which I see is only "needed for applications deployed on the marketplace". The alternative deployment is "for your domain", which uses Google Apps Extensions Console:
https://developers.google.com/google-apps/extensions-console/
But the extension console says, on top, "We are improving user experience, try the new Developers Console", which links to:
https://console.developers.google.com/?redirected=true
Developers Console:
- It shows the project that was created before in apps extensions console. I can click on it to open a large menu (aside, on the left)
- APIs & Auth / Credentials -- I created Client ID and secret for my app. Apparently, I must use Web Apps, not Service account or installed app, because I'm trying to access some user-private data (email access), not just a Google service, and I'm not a standalone installed app.
There is no place to report this client ID anywhere in the contextual gadget. Is it register-and-forget?
Also (a bug?), permissions shows my client ID under "Service Account" even though I did NOT create service account credentials.
And then this: I don't know how to deploy my contextual gadget (which is not a standalone app) on my domain from this new Developers Console. There only seems to be cloud-deployment-related options under overview and Compute tabs on the left.
When I try to deploy from the Apps Extensions Console (which supposedly is not deprecated, only is improved), I get this error:
Google Apps Marketplace (I never deployed to marketplace, only my own domain)
Application installation not allowed.
The OAuth1.0 version is no longer available.
Instead, try installing the OAuth2.0 version.
[Return to dashboard] (button)
What is more, the "Return to dashboard" button takes me to the Domain admin site, which allows neither development nor deployment:
https://admin.google.com/mydomain.com/
By the way, the Apps Extensions Console never accesses the redirect page I have created, and never reads the gadget spec file on my site either (never accessed by Google as promised), so the error message must be saying the manifest.xml doesn't use OAuth 2.0... Or Apps Extensions Console doesn't use it itself and blames me for it!
So, Gmail Contextual App:
- Deprecated?
- Impossible now?
- Authorized with OAuth 2.0? How?
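
Added example, not part of the original question and not a contextual gadget manifest: in the client-side (user-agent) OAuth 2.0 flow linked above, the token comes back in the URL fragment of the redirect page, so the page's own script has to parse and check it before anything is stored. The function name, the sample redirect URLs and the state and token values are constructed assumptions; the parameter names are those of RFC 6749 section 4.2.2.

```javascript
// Added example: handle the OAuth 2.0 client-side (implicit) redirect.
// Parameter names follow RFC 6749 section 4.2.2; everything else is assumed.

function parseImplicitCallback(callbackUrl, expectedState, now = Date.now()) {
  const url = new URL(callbackUrl);

  // Tokens arrive in the fragment, which browsers do not send to the server.
  // A token in the query string would end up in server logs and Referer headers.
  if (url.searchParams.has('access_token')) {
    return { ok: false, reason: 'token_in_query' };
  }
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));

  if (params.has('error')) {
    return { ok: false, reason: 'provider_error:' + params.get('error') };
  }
  // state binds the response to the request this page started (CSRF defence).
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  const tokenType = (params.get('token_type') || '').toLowerCase();
  if (tokenType !== 'bearer' || !params.get('access_token')) {
    return { ok: false, reason: 'missing_or_unsupported_token' };
  }
  const expiresIn = Number(params.get('expires_in'));
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    return { ok: false, reason: 'bad_expires_in' };
  }
  return {
    ok: true,
    accessToken: params.get('access_token'),
    scopes: (params.get('scope') || '').split(/\s+/).filter(Boolean),
    expiresAt: now + expiresIn * 1000,
    // The implicit grant never returns a refresh token (RFC 6749 section 4.2).
    refreshToken: null,
  };
}

// Constructed sample redirects (token and state values are made up).
const GOOD = 'https://example.com/oauth2callback#access_token=SAMPLE_TOKEN' +
  '&token_type=Bearer&expires_in=3600&state=abc123' +
  '&scope=https%3A%2F%2Fmail.google.com%2F';
const FORGED = GOOD.replace('state=abc123', 'state=attacker');
const DENIED = 'https://example.com/oauth2callback#error=access_denied&state=abc123';
```

The `expectedState` value is the one the page generated and kept (for example in `sessionStorage`) before it sent the user to the authorization endpoint.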