OAuth Authorization Mode

PutEmail can use OAuth2. The exact way may depend on the email provider.

OAuth with Gmail

Configure Gmail OAuth Client

The Gmail OAuth client can be used to send email on behalf of multiple different gmail accounts so this needs to be done once.

1. In the Google Development Console Create a project (if you don't have one yet)
2. Configure OAuth consent
3. Create OAuth client. Select Desktop app as Application type. When the client has been created, take note of the Client ID and Client secret values as they will be needed later.

Retrieve Token for NiFi

Tokens are provided once the owner of the Gmail account consented to the previously created client to send emails on their behalf. Consequently, this needs to be done for every gmail account.

1. Go to the following web page:

   https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=https%3A%2F%2Fmail.google.com&client_id=CLIENT_ID

   Replace CLIENT_ID at the end to your Client ID.
2. You may need to select the Google Account for which you want to consent. Click Continue twice.
3. A page will appear with an Authorisation code that will have a message at the bottom like this:

   Authorisation code
   
   
   Please copy this code, switch to your application and paste it there:
   
   
   AUTHORISATION_CODE
           

4. Execute the following command from terminal to fetch the access and refresh tokens.
   In case the curl command returns an error, please try again from step 1.
   

   curl https://accounts.google.com/o/oauth2/token -d grant_type=authorization_code -d redirect_uri="urn:ietf:wg:oauth:2.0:oob" -d client_id=CLIENT_ID -d client_secret=CLIENT_SECRET -d code=AUTHORISATION_CODE

   Replace CLIENT_ID, CLIENT_SECRET and AUTHORISATION_CODE to your values.
5. The curl command results a json file which contains the access token and refresh token:

   {
     "access_token": "ACCESS_TOKEN",
     "expires_in": 3599,
     "refresh_token": "REFRESH_TOKEN",
     "scope": "https://mail.google.com/",
     "token_type": "Bearer"
   }
           

Configure Token in NiFi

1. On the PutEmail processor in the Authorization Mode property select Use OAuth2.
2. In the OAuth2 Access Token Provider property select/create a StandardOauth2AccessTokenProvider controller service.
3. On the StandardOauth2AccessTokenProvider controller service in the Grant Type property select Refresh Token.
4. In the Refresh Token property enter the REFRESH_TOKEN returned by the curl command.
5. In the Authorization Server URL enter

   https://accounts.google.com/o/oauth2/token

6. Also fill in the Client ID and Client secret properties.