XOAUTH2も、アプリパスワードもめんどくさいので、サービスアカウントをアカウントを作ってGmailのアクセスを試みた。
あれこれ、ためしたけど、無理っぽいなぁ。普通にWEBアプリとして自分のアプリで自分をOAuthするしかなさそう。
他にもいろいろな人が試みたり、調べたりしているが、Google のサービス・アカウントの機能で、GmailのAPIアクセスはできない。Gmail.sendだけでもさせてくれればいいのに・・・
Service accounts cannot access @gmail.com mailboxes. You must use one of the other supported OAuth 2.0 authorization scenarios described at https://developers.google.com/identity/protocols/OAuth2.
https://stackoverflow.com/questions/39510514/gmail-api-service-account
The short answer is no, it's not possible to perform service-account impersonate of a @gmail.com account. The key reason is that although the service account OAuth flow doesn't involve an authorization screen, at the end of the day someone must still say "I authorize this application to impersonate this user."
Now for a while there was a trick where you could take an @gmail.com user through the regular 3-legged flow, and once they approved it use the service account flow from then on. This lead to some strange problems however, so we've disabled that option. This may be why there was disagreement in the past about if this is possible.
参考資料
- https://christina04.hatenablog.com/entry/2015/06/04/224159
- https://qiita.com/zaru/items/d0fb96ae5eae30002820
- https://developers.google.com/gmail/api/quickstart/ruby
- https://developers.google.com/gmail/api/quickstart/ruby
- https://developers.google.com/drive/api/quickstart/ruby
- https://techblog.gmo-ap.jp/2019/05/17/upload_to_google_team_drive_with_ruby/
