I am trying to use the GSuite Package published by UiPath. https://integrations.uipath.com/docs/gsuite-application-scope
I am trying to use the Service Account Key Authentication as the OAuth Authentication is not suitable for unattended workers. I am having issues with getting the service account to work with sending and receiving emails.
I have followed the steps to enable the gmail api and setup a service account, authorise domain wide authentication and download the json file.
Any help would be greatly appreciated!
The Gmail component works only if you authorise using OAuth2 as a service account is considered a role and is thus unable to send email. This is documented in the Gmail authentication section on Google’s website.
On the other hand, using the Domain wide Authentication checkbox does allow the service account the right to impersonate users, and thus send emails. Use this at your own caution.
To answer your question, you are going about the right way in doing this, but the configuration on Google’s side is not trivial. I made it when testing, and it involves being organisational admin.
I am using Get mail message activity inside Gsuite with “ServiceAccountkey” as authentication type. while executing i found an error as "Precondition not met.
My question is Will bot checks for mail to read in the service account created? or any user mail has to be defined?
Please help at the earliest.
please find the image. These are the properties i have filled
Please help me with the above mentioned query. I am at urgency.
When we use authentication type as “Service account” , is it possible to search for the required mail at “any Gmail user account” or only for the account where the service account has been created? Kindly advise
A service account key is a special type of Google account that belongs to your application instead of to an individual end-user. Your application calls Google APIs on behalf of the service account, so users aren’t directly involved. For more information about Service account keys, see Understanding service accounts in the Google Cloud Documentation.
@marian.platonov Hi Marian, thank you very much for the reply.
My scenario is like I want to read a mail with attachment from Gmail account using service account key authentication. I am using Get mail message activity inside Gsuite scope. Please help to do the same?
How can we indicate in which gmail user account the mail has to be searched for?
Assuming that you configured correctly the Service Account in your Google Cloud console project, the UiPath the GSuite Application Scope for a ServiceAccountKey authentification should look something like this:
This is how my property panel looks like.
I gave JSON key type. is it not possible to read mail using JSON??
or the issue might be due to roles assigned while creating service accounts?
Precondition not met is the error i get.
When you use UiPath Apps, you allow UiPath Robots to access the data inside your Google mail account. Subsequently, you allow UiPath Robots to manipulate the data solely in accordance with your instructions. UiPath will never access, store, or process in any manner the data that you manipulate with the use of UiPath Robots and will not allow for the Robots to be used outside the user’s instructions. UiPath’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Then take a look at these properties for a Service Account Key:
Service Account Key
The property fields below are required only if your AuthenticationType value is ServiceAccountKey.
HasDomainWideAccess - If checked, the activity grants domain-wide access to the service account.
KeyPath - The path to the service account key file. This property supports String variables and string formatted values. The creation of a service account on the Google Cloud Platform generates a key file for download.
KeyType - A drop-down list that specifies the service account type according to the key file.The available property values are JSON or P12. For a P12 service account type, the Password and ServiceAccountEmail properties are required.
Password - The password for the service account. This property supports String variables and string formatted values and is required only if your KeyType value is P12.
ServiceAccountEmail - The auto-generated email address for the service account. This property supports String variables and string formatted values and is required only if your KeyType value is P12.
UserEmail - If HasDomainWideAccess is checked, the service account impersonates a user from the domain; use this field to enter the impersonated user’s email address.
Get Mail Messages: Error:“unauthorized_client”, Description:“Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.”, Uri:“”
“client is unauthorized to retrieve access tokens using this method”.
Means exactly that. The client you have set up on Google developer console is either not a service account client or the code you are using is not meant for a service account client.
Make sure that the client you created on the google developer console is a service account client.
Make sure that you enabled the Gmail API in your project.
There are a couple of things you need to keep in mind:
Service Account can not be used with Gmail account, only with Gsuite (the paid Google services). This is because you need to “Delegate domain-wide access” in order for the Service Account to work, and this is not possible in Gmail.
If using GSuite you should follow the steps below:
I think this is it, but I vaguely remember having to set up the Oauth consent screen in GCP as well. If you have to configure the consent screen, just put Application Type = public, make up a name, and put your e-mail as Support Email. The consent screen won’t be shown, as you’re using a Service Account which is pre-authenticated.
@marian.platonov Thank you somuch. That really helps!!
So to conclude my understanding, Inorder to access any Gmail account using ServiceAccount in Gsuite we should make sure the Service account created has been provided with certain permissions by admin
1)Gmail API Enable
2)Enable Domain Wide Delegation on both ends(Admin and in Gsuite Activity “Has Domainwide Access=True”)
Hi @marian.platonov One More Question
I am able to read Google spreadsheet using the same service Account. I am not able to make it work for the “Get Mail Message” Activity. Is that something i am missing out? or is it due to permissions missing on “delegation and GMail API”.