Nodemailer: Fail to use 2LO authentication for service account
I follow the page here: http://nodemailer.com/smtp/oauth2/
Here is my code:
var transport = {
port: 587,
host: "smtp-relay.gmail.com",
secure: false,
requireTLS: true,
auth: {
type: "OAuth2",
user: config.client_email,
serviceClient: config.client_id,
privateKey: config.private_key
}
};
transporter = nodemailer.createTransport(transport);
transporter.on('token', token => {
console.log('A new access token was generated');
console.log('User: %s', token.user);
console.log('Access Token: %s', token.accessToken);
console.log('Expires: %s', new Date(token.expires));
});
Promise.try(() => {
return transporter.verify();
})
.then(() => {
console.log("smtp ready");
})
.catch((err) => {
console.error(err);
});
Error message:
{
code: 'EAUTH',
response: '535-5.7.8 Username and Password not accepted. Learn more at\n535 5.7.8 https://support.google.com/mail/?p=BadCredentials b72-v6sm1263216iti.0 - gsmtp',
responseCode: 535,
command: 'AUTH XOAUTH2'
}
Access token is created successfully since I have seen A new access token was generated... in the console.
I have already read many articles and grant all scope for Gmail as far as I know still I failed.
Note: I successfully send email with 3LO authentication and plain login but I want to use service accounts.
I am using G suite and the service account and enable domain-wide delegation in case it matters.
wdetac
All 7 comments
did you solved it ? I have ecaxtly the same issue at the same point ...exactly
ghost
on 13 May 2018
I solved it. However many things are still not very clear. I think owner of Nodemailer should update the doc too.
First:
auth: {
type: "OAuth2",
user: config.client_email, <-- should be a real user email, not the [email protected] one
serviceClient: config.client_id, <-- try [email protected], but I think the id should also be ok
privateKey: config.private_key
}
Second:
Turn on and off the scopes in google admin console. It is the most mystery part. I cannot reproduce a reliable way to make it success. I just keep trying and stop when I success. I think it is an issue from Google.
Hope it helps!
wdetac
on 14 May 2018
thanks ... I tried to follow this post information ...
but It's failing at the same point, upon . transporter.sendMail() with 401 status code...
ghost
on 14 May 2018
Succeeded... it's running fine .. BUT the from: email sender email address is ALWAYS overwritten with the email address used for authentication...
when I use these options 馃憤
const mailOptions = {
from: 'SITE CONTACT<' + sender + '>',
to: KEY.contact_email,
subject: 'Message',
text: 'From: ' + sender + '\n\n' + msg,
html: '<h1>Message</h1><p>From: ' + sender + '</p><p>' + msg + '</p>'
};
we get from: sender . being the authenticated user
and text: 'From: ' + sender being the sender email address...
Is there anyway to force , change , bypass this Google modification ?
ghost
on 18 May 2018
Try this:
Go to Google Admin Console -> Apps -> G Suite -> Settings for Gmail -> Advanced settings -> SMTP relay service
Change Allowed senders: Only addresses in my domains
wdetac
on 18 May 2018
@erwin16 How did you solve the 401? I'm getting this at the moment too
cloakedninjas
on 23 Nov 2018
+1, would like to know what the trouble was. What format of private key data does this expect? Is there something that needs doing in the google api console?
AaronBaldwin
on 3 Jan 2019
Related issues
dcbartlett
路
10Comments
roubert
路
9Comments
m4a1fox
路
11Comments
renanbastos93
路
11Comments
higunjan
路
22Comments
Most helpful comment
I solved it. However many things are still not very clear. I think owner of Nodemailer should update the doc too.
First:
Second:
Turn on and off the scopes in google admin console. It is the most mystery part. I cannot reproduce a reliable way to make it success. I just keep trying and stop when I success. I think it is an issue from Google.
Hope it helps!