We’re currently sending outgoing mail with Google Workspace SMTP Relay with authentication off (limited by IP addresses). But I’m wondering now if what I want to do will even work as Google Workspace seems to use JWT, not OAuth for service accounts / domain-wide delegation. Is there a way to get ERPNext to work with Google Workspace for sending outgoing mail without linking to any specific user? (I also have admin on Google Workspace / Cloud.)
(We don’t want to create accounts for non-human users, they should be aliases, so we want to start with my account and use the “Use different Email ID” option.
I then tried setting OAuth up anyway with my personal company email account, just to see if that would work. I was able to set up the OAuth Connected App and authenticate with “Connect to…”.
But when I went back to Email Account, enabled SMTP authentication, and chose OAuth with this connected app, I got the following message:
Please check your email login credentials. smtplib.SMTPAuthenticationError: (535, b'5.7.8 Username and Password not accepted. For more information, go to\n5.7.8 https://support.google.com/mail/?p=BadCredentials 98e67ed59e1d1-3039f8b28acsm500967a91.10 - gsmtp')
What might I be doing wrong? ERPNext shouldn’t be sending a username and password.
The IP “authentication” (SMTP relay, lack of Basic / OAuth2 authentication) does work. But I’d rather be able to configure OAuth2 with a service account that isn’t related to a “real” user, or at least is connected to my user and using the “Use different email ID” option.
Code for backend app token / client_credentials grant is there:
Does calling this works? “System Console” or bench --site ... console
c = frappe.get_doc("Connected App", "abcdefgh01")
c.get_backend_app_token(c.client_id)
If it shows the token in token cache we’ll figure out a way to use it.
the get_backend_app_token also needs to change. no need for passing it a client_id. it should be picked up from self/cls in stead of passing it as arg.