The library/sample code at the link you provided includes a class named
"XoauthAuthenticator" with "getSession" and "connectToImap" methods on it.
That code works fine for 3-legged OAuth, but you need to use 2-legged OAuth
access so you can impersonate users for a given domain.
For 2legged OAuth, just pass 'null' for the oauthToken and oauthTokenSecret
arguments for the getSession method. You can then pass this session in as
the first argument in the connectToImap method like this:
javax.mail.Store store
=XoauthAuthenticator.connectToImap(XoauthAuthenticator.getSession(...),
"imap.googlemail.com", 993, <<email address>>);
>From there, you're just using a standard-issue javax.mail.Store object, and
you can use the javamail docs for that.
There are a couple code changes needed for the XoauthAuthenticator
and XoauthSaslResponseBuilder classes.
For reference, I was able to put the below steps together using
documentation here:
https://developers.google.com/google-apps/gmail/oauth_protocol#constructing
(especially note the "SASL Initial Client Request" section).
Assuming your application has already been granted 2LOA access to the
"https://mail.google.com/"; scope, the following changes should work for you:
1) change the XoauthAuthenticator class constructor to not put the
following 2 key/values into the props object. These are only used in
3-legged OAuth:
- XoauthSaslClientFactory.OAUTH_TOKEN_PROP
- XoauthSaslClientFactory.OAUTH_TOKEN_SECRET_PROP
2) Change the code in XoauthSaslResponseBuilder.buildResponse method that
deals with putting the OAuthToken into the response.
First, remove the line:
parameters.put(OAuth.OAUTH_TOKEN, oauthToken);
Second, change the 'url' variable to append the "xoauth_requestor_id"
parameter onto the URL so that the correct user's IMAP session is opened.
try {
url = String.format("%s?xoauth_requestor_id=%s",
url, URLEncoder.encode(userEmail, "UTF-8"));
}
catch (UnsupportedEncodingException ex) {
// not going to happen - UTF-8 is guaranteed by every jvm
}
Good luck -
Vince.
On Monday, July 30, 2012 2:18:38 AM UTC-5, Jerry Wang wrote:
>
> I am writing a script to access all employees emails by using Google IMAP
> with OAuth:
> https://developers.google.com/google-apps/gmail/oauth_overview . This
> script should let me delete, move and export any users emails. However, I
> cannot find any clue in Google API to impersonate another user to access
> his email. (This impersonation is easy for Google Docs, but not available
> for Gmail. ) Please help, any suggestion will be appreciate. Thanks
> in advance.
--
You received this message because you are subscribed to the Google Groups
"Google Apps Domain Information and Management APIs" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-apps-mgmt-apis/-/h0i6xqnWrm4J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
