Trying to understand Google Service accounts for Gmail

Hi everyone. Sorry if this questions is rather generic and related to Google Cloud rather than n8n, as I am no expert on that side.

I am trying to fully understand how the google service account works in general and particularly regarding Gmail access. Our intention is/was to have a master service account that could access different user documents (sheets) and gmail accounts of our Workshop Domain in n8n. This is, one access to different user accounts, to avoid having individual credentials created on the console for each (oauth-generic or oauth-single).

  • I have a working Google Service Account following the docs at Google Service Account | n8n Docs
  • We activated Domain-wide delegation with scope
  • We’ve enabled the Gmail API

The credential validates in n8n and I can choose it when accessing the Gmail node but I must be missing something either at the Google Console Interface or n8n.

I understand I can “impersonate” the credentials, but that gives me an error and nevertheless it would still mean I would need a set of credentials for each different account.

If I try to connect Gmail I get:

## Problem in node ‘Gmail‘
400 - {"error":{"code":400,"message":"Precondition check failed.","errors":[{"message":"Precondition check failed.","domain":"global","reason":"failedPrecondition"}],"status":"FAILED_PRECONDITION"}} - Precondition check failed. (item 0)

I was expecting on the Gmail node I could set and additional value to determine which Gmail account I wanted to access or impersonate via node call, rather than credential wide or other form of configuration. Alternatively, I thought perhaps I could do something similar with different credentials on the Google cloud console side, but have been trying for a while now and

I might be getting this completely wrong, and it is simply not possible, in which case I understand we would need a Google oauth-generic for each of the accounts we want to access.

n8n version: 1.25.1
Database Mysql
Running n8n via Docker

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

Hey @luison,

There might be more stuff that needs to be done on the Google side but what it could be is you just need to set Impersonate a User under the credential and set the user you want to access the content for.

Haven’t looked at it further but the “impersonation” option needs additional permissions in gCloud but the main problem is that in n8n that is at a connection level, not a node level, so you can’t reuse the same connection credentials for actions on various accounts.

Hey @luison,

You could set the value to an expression and set it before you use the credential.