login about faq


I'm trying to connect to Google Apps Gmail with OAuth. With the totally clear instructions on the Google websites I hope I have set up everything correctly.

  1. Changed the MX record for one of my domains and verified the domain.
  2. Got a p12 file.
  3. Set up a service email address for the main project.

When I run the following code (basically the example):

  Dim http As New Chilkat.Http
  Dim success As Boolean = http.UnlockComponent("Anything for 30-day trial")
  If (success <> True) Then
  End If

//  Begin by loading the downloaded .p12 into a Chilkat certificate object:
  Dim cert As New Chilkat.Cert
  success = cert.LoadPfxFile("/Users/beatrixwillius/Desktop/test-550c6e932e47.p12","notasecret")
  If (success <> True) Then
  End If

Dim iss As String = "mailarchiver@api-project-83766207457.iam.gserviceaccount.com"
  Dim scope As String = "https://mail.google.com/"
  Dim numSec As Int32 = 3600

Dim accessToken As String = http.G_SvcOauthAccessToken(iss,scope,"",numSec,cert)
  If (http.LastMethodSuccess <> True) Then
    System.DebugLog("access token: " + accessToken)
  End If

I get an empty accessToken. But LastErrorText is only:


If I change the iss value to something like "xxxxmailarchiver@api-project-83766207457.iam.gserviceaccount.com" I get the following as response:

31.01.16 11:24:27,670 test.debug[16145]: ChilkatLog:
    DllDate: Jan 26 2016
    UnlockPrefix: Anything for 30-day trial
    Architecture: Little Endian; 32-bit
    Language: MAC OS X C/C++
    VerboseLogging: 0
    iss: xxxxxxmailarchiver@api-project-83766207457.iam.gserviceaccount.com
    scope: https://mail.google.com/
    aud: https://accounts.google.com/o/oauth2/token
    jwtHeader64: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
    jwtClaimSet: {"iss":"xxxxxxmailarchiver@api-project-83766207457.iam.gserviceaccount.com","scope":"https://mail.google.com/","aud":"https://accounts.google.com/o/oauth2/token","exp":1454239462,"iat":1454235862}
              startLine: POST /o/oauth2/token HTTP/1.1
            Not auto-adding cookies.
            sendCookies: 1
          domain: accounts.google.com
          port: 443
          ssl: 1
            Opening connection directly to HTTP server.
            httpHostname: accounts.google.com
            httpPort: 443
            ssl: 1
                          Verified server key exchange.
            HTTPS secure channel established.
          connectTime: Elapsed time: 376 millisec
            sendHeaderElapsedMs: 0
            sendBodyElapsedMs: 1
          statusCode: 400
          statusText: Bad Request
            Response is chunked.
        success: 1
      success: 1
    charsetFromContentType: utf-8
    charset: utf-8
    access_token not found.

What am I doing wrong?

Using latest Chilkat plugin from yesterday. Xojo 2015r4.

PS: is it possible to get a version of LoadPfxFile that has a folderitem as parameter? Using a string instead of a folderitem is very unusual on the Mac.

Mit freundlichen Grüßen/Regards

Trixi Willius

http://www.mothsoftware.com Mail Archiver X: The email archiving solution for professionals

asked Jan 31 '16 at 08:13

bwill's gravatar image


edited Jan 31 '16 at 12:03

jpbro's gravatar image

jpbro ♦

Hi Trixi,

I have a few quick points to begin:

1) The LastErrorText contains information for the last method called (and often for the last property accessed). The 2nd line in the LastErrorText shows the method or property. In the first "LastErrorText" you posted, it was for the access to the OAuthVerifier property. If you meant to get the LastErrorText for G_SvcOauthAccessToken2, it means that after calling G_SvcOauthAccessToken2, but before getting the value of LastErrorText, your program accessed the OAuthVerifier property and overwrote the information in LastErrorText. Always verify that the name of the method/property shown in the LastErrorText matches the name/property of what you think it should be. Otherwise, the last method called was not what you thought..

2) The arguments cannot use things that are platform specific, such as a FolderItem. Chilkat is cross-platofrm, cross-operating-system, and cross-language, and therefore arguments must be in a portable type.

I'm not sure exactly why you got the "400 Bad Request". My guess is that the 3rd argument to G_SvcOauthAccessToken is an empty string and should be an email address.


answered Jan 31 '16 at 14:18

chilkat's gravatar image

chilkat ♦♦

1) I've put a breakpoint in the line after

Dim accessToken As String = http.G_SvcOauthAccessToken(iss,scope,"",numSec,cert)

and still get the following as LastError:

ChilkatLog: get_OAuthVerifier: ChilkatVersion: --get_OAuthVerifier --ChilkatLog

2) OK. Please document which type of path is used(Shell, native).

3) So sub should be the email address for the domain. This at least makes the code trying to connect to Gmail. By the way sub is a reserved work in Xojo and won't compile.


Beatrix Willius


answered Feb 02 '16 at 07:53

bwill's gravatar image


Thanks. The problem I'm facing in try to help is that I'm not able to reproduce the problem. When I make the call to G_SvcOauthAccessToken, it works (using the values I'm passing for my particular case -- which are the same in nature but just different in content).

Try this: Set the http.SessionLogFilename property to the local path of a log file that will be created, and then send me the contents of the log file (in private email to support@chilkatsoft.com). I can then examine it to see if the format of the request is invalid somehow.

In any case, all of this might be moot anyway because from all of my (countless hours of) investigation, I've found that using OAuth2 with consumer GMail account is only possible with using 3-legged OAuth2, meaning it's a cumbersome/awkward task for the user to manually get a verifier and then copy-and-paste it into the application. See the answer to this question: http://www.chilkatforum.com/questions/9368/oauth2-gmail-authentication-fails

Regarding the points:

1) The LastErrorText contains information about the last method or property accessed. You may have called G_SvcOauthAccessToken, but in between that call and actually fetching the contents of the LastErrorText property, it must've been that the OAuthVerifier property was the last thing accessed. Remember: When you're looking at things in the debugger -- the IDE is accessing the properties of the object and thus it's setting the LastErrorText by doing that..

2) I don't understand what you mean by "shell" or "native" path. The path that's passed to any Chilkat method is passed down to the underlying system call to open the file -- where the path is a relative or absolute path in the filesystem.

3) Thanks. I'll avoid using "sub".. :-)


answered Feb 02 '16 at 10:20

chilkat's gravatar image

chilkat ♦♦

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Jan 31 '16 at 08:13

Seen: 3,119 times

Last updated: Feb 02 '16 at 10:20

powered by OSQA