[Bug in documentation?] Can Gmail use a Service Account instead of oauth?

The above documentation link says Gmail can use a service account. Except when I make a service account the Gsuite node only allows Gsuite Oauth Credentials.

I’d like to use a service account as I need to impersonate a few different gmail users. (assuming that is possible?)

Is the documentation table incorrect? Or does gmail actually allow a service account login?

Thank you

Yes, Gmail allows service account authentication only when working with a Google Workspaces (Formerly G Suite) account.

Hi Ricardo,

Yes, this is a gsuite email with our custom domain.

In the Gmail node, it only allows for oauth credentials in the dropdown.

That is not correct:
Screenshot from 2021-10-09 17-25-24

Hi Jan,

I’m not sure why that isn’t reflected in my setup. I’m wondering if I should just nuke my whole setup and reinstall from scratch… As there have been a bunch of weird anomolies lately…

Screenshot from 2021-10-09 15-49-15
Screenshot from 2021-10-09 15-53-09
Screenshot from 2021-10-09 15-53-32
Screenshot from 2021-10-09 15-53-57

Side note. I used cloudflare to proxy n8n. And I noticed that there were two blocked requests to path:
Is that an issue?

You have to set “Authentication” to “Service Account”, it is the parameter below the one you have open in the above screenshot.

If the above request got blocked it means that the icon for the Git-Node did not get displayed. Is not perfect but also not the worst thing that can happen.

1 Like

Oh duh. I can’t believe I missed that. Thank you kindly.

Glad to hear that I could be helpful. Have fun!

Although, when I try to send an email with that service account, I get this error below.
I wonder if I am understanding the service account? I’d like to be able to have n8n send email on behalf of various gsuite/gmail users in our organization.
I’ve had nothing but headache with the Amazon SES setup (despite it working fine a few months ago)
So now I’m trying to use the Gmail node.
I’m guessing I may need to create a new credential for each user individually?
Or can a service account actually impersonate to send an email?

"message": "Request failed with status code 400",
"name": "Error",
"stack": "Error: Request failed with status code 400 at createError (/usr/local/lib/node_modules/n8n/node_modules/axios/lib/core/createError.js:16:15) at settle (/usr/local/lib/node_modules/n8n/node_modules/axios/lib/core/settle.js:17:12) at IncomingMessage.handleStreamEnd (/usr/local/lib/node_modules/n8n/node_modules/axios/lib/adapters/http.js:269:11) at IncomingMessage.emit (events.js:327:22) at endReadableNT (internal/streams/readable.js:1327:12) at processTicksAndRejections (internal/process/task_queues.js:80:21)"
NodeApiError: Bad request - please check your parameters
    at Object.googleApiRequest (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/Google/Gmail/GenericFunctions.js:47:15)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async Object.execute (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/Google/Gmail/Gmail.node.js:258:40)
    at async /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/src/WorkflowExecute.js:447:47

Sadly no idea what is going on there right now. But if it is just about sending emails, then I would recommend using Sendgrid, Mailgun, or Mailjet. Think all of them have free plans and adding a Domain that then allows you to send from literally any account should just take like 5 minutes.

You can use a service account to send emails on behalf of users if the domain delegation option is set but I have had a lot of issues with other applications in the past when trying that.

I would go with what @jan suggested or depending on what you are doing use a generic no-reply email and bcc or cc the user in.

1 Like

Ok thanks. Ya, I think I need to repave my n8n instance as something is wonky. We are well established on SES for sending email like this, so I really need n8n to cooperate with me. Agreed, Gmail is not ideal for this.

1 Like

It sounds like it could be worth starting it again or bypassing the proxy to test that way to see if it is a setting on that side.