Sending email via Gmail & Python
Question:
What is the recommended way of sending emails with Gmail and Python?
There are a lot of SO threads, but most are old and also SMTP with username & password is not working any more or the user has to downgrade the security of their Gmail (for example see here).
Is OAuth the recommended way?
Answers:
The answer shows how to send email with gmail API and python. Also updated the answer to send emails with attachment.
Gmail API & OAuth -> no need to save the username and password in the script.
The first time the script opens a browser to authorize the script and will store credentials locally (it will not store username and password). Consequent runs won’t need the browser and can send emails straight.
With this method you will not get errors like SMTPException below and there is no need to allow Access for less secure apps:
raise SMTPException("SMTP AUTH extension not supported by server.")
smtplib.SMTPException: SMTP AUTH extension not supported by server.
Here are the steps to send email using gmail API:
(Wizard link here, More info here)
Step 2: Install the Google Client Library
pip install --upgrade google-api-python-client
Step 3: Use the following script to send email(just change the variables in main function)
import httplib2
import os
import oauth2client
from oauth2client import client, tools, file
import base64
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from apiclient import errors, discovery
import mimetypes
from email.mime.image import MIMEImage
from email.mime.audio import MIMEAudio
from email.mime.base import MIMEBase
SCOPES = 'https://www.googleapis.com/auth/gmail.send'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Gmail API Python Send Email'
def get_credentials():
home_dir = os.path.expanduser('~')
credential_dir = os.path.join(home_dir, '.credentials')
if not os.path.exists(credential_dir):
os.makedirs(credential_dir)
credential_path = os.path.join(credential_dir,
'gmail-python-email-send.json')
store = oauth2client.file.Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
credentials = tools.run_flow(flow, store)
print('Storing credentials to ' + credential_path)
return credentials
def SendMessage(sender, to, subject, msgHtml, msgPlain, attachmentFile=None):
credentials = get_credentials()
http = credentials.authorize(httplib2.Http())
service = discovery.build('gmail', 'v1', http=http)
if attachmentFile:
message1 = createMessageWithAttachment(sender, to, subject, msgHtml, msgPlain, attachmentFile)
else:
message1 = CreateMessageHtml(sender, to, subject, msgHtml, msgPlain)
result = SendMessageInternal(service, "me", message1)
return result
def SendMessageInternal(service, user_id, message):
try:
message = (service.users().messages().send(userId=user_id, body=message).execute())
print('Message Id: %s' % message['id'])
return message
except errors.HttpError as error:
print('An error occurred: %s' % error)
return "Error"
return "OK"
def CreateMessageHtml(sender, to, subject, msgHtml, msgPlain):
msg = MIMEMultipart('alternative')
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = to
msg.attach(MIMEText(msgPlain, 'plain'))
msg.attach(MIMEText(msgHtml, 'html'))
return {'raw': base64.urlsafe_b64encode(msg.as_bytes())}
def createMessageWithAttachment(
sender, to, subject, msgHtml, msgPlain, attachmentFile):
"""Create a message for an email.
Args:
sender: Email address of the sender.
to: Email address of the receiver.
subject: The subject of the email message.
msgHtml: Html message to be sent
msgPlain: Alternative plain text message for older email clients
attachmentFile: The path to the file to be attached.
Returns:
An object containing a base64url encoded email object.
"""
message = MIMEMultipart('mixed')
message['to'] = to
message['from'] = sender
message['subject'] = subject
messageA = MIMEMultipart('alternative')
messageR = MIMEMultipart('related')
messageR.attach(MIMEText(msgHtml, 'html'))
messageA.attach(MIMEText(msgPlain, 'plain'))
messageA.attach(messageR)
message.attach(messageA)
print("create_message_with_attachment: file: %s" % attachmentFile)
content_type, encoding = mimetypes.guess_type(attachmentFile)
if content_type is None or encoding is not None:
content_type = 'application/octet-stream'
main_type, sub_type = content_type.split('/', 1)
if main_type == 'text':
fp = open(attachmentFile, 'rb')
msg = MIMEText(fp.read(), _subtype=sub_type)
fp.close()
elif main_type == 'image':
fp = open(attachmentFile, 'rb')
msg = MIMEImage(fp.read(), _subtype=sub_type)
fp.close()
elif main_type == 'audio':
fp = open(attachmentFile, 'rb')
msg = MIMEAudio(fp.read(), _subtype=sub_type)
fp.close()
else:
fp = open(attachmentFile, 'rb')
msg = MIMEBase(main_type, sub_type)
msg.set_payload(fp.read())
fp.close()
filename = os.path.basename(attachmentFile)
msg.add_header('Content-Disposition', 'attachment', filename=filename)
message.attach(msg)
return {'raw': base64.urlsafe_b64encode(message.as_string())}
def main():
to = "[email protected]"
sender = "[email protected]"
subject = "subject"
msgHtml = "Hi<br/>Html Email"
msgPlain = "HinPlain Email"
SendMessage(sender, to, subject, msgHtml, msgPlain)
# Send message with attachment:
SendMessage(sender, to, subject, msgHtml, msgPlain, '/path/to/file.pdf')
if __name__ == '__main__':
main()
Tip for running this code on linux, with no browser:
If your linux environment has no browser to complete the first time authorization process, you can run the code once on your laptop (mac or windows) and then copy the credentials to the destination linux machine. Credentials are normally stored in the following destination:
~/.credentials/gmail-python-email-send.json
I modified this as follows to work with Python3, inspired by Python Gmail API 'not JSON serializable'
import httplib2
import os
import oauth2client
from oauth2client import client, tools
import base64
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from apiclient import errors, discovery
SCOPES = 'https://www.googleapis.com/auth/gmail.send'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Gmail API Python Send Email'
def get_credentials():
home_dir = os.path.expanduser('~')
credential_dir = os.path.join(home_dir, '.credentials')
if not os.path.exists(credential_dir):
os.makedirs(credential_dir)
credential_path = os.path.join(credential_dir, 'gmail-python-email-send.json')
store = oauth2client.file.Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
credentials = tools.run_flow(flow, store)
print('Storing credentials to ' + credential_path)
return credentials
def SendMessage(sender, to, subject, msgHtml, msgPlain):
credentials = get_credentials()
http = credentials.authorize(httplib2.Http())
service = discovery.build('gmail', 'v1', http=http)
message1 = CreateMessage(sender, to, subject, msgHtml, msgPlain)
SendMessageInternal(service, "me", message1)
def SendMessageInternal(service, user_id, message):
try:
message = (service.users().messages().send(userId=user_id, body=message).execute())
print('Message Id: %s' % message['id'])
return message
except errors.HttpError as error:
print('An error occurred: %s' % error)
def CreateMessage(sender, to, subject, msgHtml, msgPlain):
msg = MIMEMultipart('alternative')
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = to
msg.attach(MIMEText(msgPlain, 'plain'))
msg.attach(MIMEText(msgHtml, 'html'))
raw = base64.urlsafe_b64encode(msg.as_bytes())
raw = raw.decode()
body = {'raw': raw}
return body
def main():
to = "[email protected]"
sender = "[email protected]"
subject = "subject"
msgHtml = "Hi<br/>Html Email"
msgPlain = "HinPlain Email"
SendMessage(sender, to, subject, msgHtml, msgPlain)
if __name__ == '__main__':
main()
Here is the Python 3.6 code (and explanations) needed to send an email without (or with) an attachment.
(To send with attachment just uncomment the 2 lines bellow ## without attachment and comment the 2 lines bellow ## with attachment)
All the credit (and up-vote) to apadana
import httplib2
import os
import oauth2client
from oauth2client import client, tools
import base64
from email import encoders
#needed for attachment
import smtplib
import mimetypes
from email import encoders
from email.message import Message
from email.mime.audio import MIMEAudio
from email.mime.base import MIMEBase
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
#List of all mimetype per extension: http://help.dottoro.com/lapuadlp.php or http://mime.ritey.com/
from apiclient import errors, discovery #needed for gmail service
## About credentials
# There are 2 types of "credentials":
# the one created and downloaded from https://console.developers.google.com/apis/ (let's call it the client_id)
# the one that will be created from the downloaded client_id (let's call it credentials, it will be store in C:Usersuser.credentials)
#Getting the CLIENT_ID
# 1) enable the api you need on https://console.developers.google.com/apis/
# 2) download the .json file (this is the CLIENT_ID)
# 3) save the CLIENT_ID in same folder as your script.py
# 4) update the CLIENT_SECRET_FILE (in the code below) with the CLIENT_ID filename
#Optional
# If you don't change the permission ("scope"):
#the CLIENT_ID could be deleted after creating the credential (after the first run)
# If you need to change the scope:
# you will need the CLIENT_ID each time to create a new credential that contains the new scope.
# Set a new credentials_path for the new credential (because it's another file)
def get_credentials():
# If needed create folder for credential
home_dir = os.path.expanduser('~') #>> C:UsersMe
credential_dir = os.path.join(home_dir, '.credentials') # >>C:UsersMe.credentials (it's a folder)
if not os.path.exists(credential_dir):
os.makedirs(credential_dir) #create folder if doesnt exist
credential_path = os.path.join(credential_dir, 'cred send mail.json')
#Store the credential
store = oauth2client.file.Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
CLIENT_SECRET_FILE = 'client_id to send Gmail.json'
APPLICATION_NAME = 'Gmail API Python Send Email'
#The scope URL for read/write access to a user's calendar data
SCOPES = 'https://www.googleapis.com/auth/gmail.send'
# Create a flow object. (it assists with OAuth 2.0 steps to get user authorization + credentials)
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
credentials = tools.run_flow(flow, store)
return credentials
## Get creds, prepare message and send it
def create_message_and_send(sender, to, subject, message_text_plain, message_text_html, attached_file):
credentials = get_credentials()
# Create an httplib2.Http object to handle our HTTP requests, and authorize it using credentials.authorize()
http = httplib2.Http()
# http is the authorized httplib2.Http()
http = credentials.authorize(http) #or: http = credentials.authorize(httplib2.Http())
service = discovery.build('gmail', 'v1', http=http)
## without attachment
message_without_attachment = create_message_without_attachment(sender, to, subject, message_text_html, message_text_plain)
send_Message_without_attachment(service, "me", message_without_attachment, message_text_plain)
## with attachment
# message_with_attachment = create_Message_with_attachment(sender, to, subject, message_text_plain, message_text_html, attached_file)
# send_Message_with_attachment(service, "me", message_with_attachment, message_text_plain,attached_file)
def create_message_without_attachment (sender, to, subject, message_text_html, message_text_plain):
#Create message container
message = MIMEMultipart('alternative') # needed for both plain & HTML (the MIME type is multipart/alternative)
message['Subject'] = subject
message['From'] = sender
message['To'] = to
#Create the body of the message (a plain-text and an HTML version)
message.attach(MIMEText(message_text_plain, 'plain'))
message.attach(MIMEText(message_text_html, 'html'))
raw_message_no_attachment = base64.urlsafe_b64encode(message.as_bytes())
raw_message_no_attachment = raw_message_no_attachment.decode()
body = {'raw': raw_message_no_attachment}
return body
def create_Message_with_attachment(sender, to, subject, message_text_plain, message_text_html, attached_file):
"""Create a message for an email.
message_text: The text of the email message.
attached_file: The path to the file to be attached.
Returns:
An object containing a base64url encoded email object.
"""
##An email is composed of 3 part :
#part 1: create the message container using a dictionary { to, from, subject }
#part 2: attach the message_text with .attach() (could be plain and/or html)
#part 3(optional): an attachment added with .attach()
## Part 1
message = MIMEMultipart() #when alternative: no attach, but only plain_text
message['to'] = to
message['from'] = sender
message['subject'] = subject
## Part 2 (the message_text)
# The order count: the first (html) will be use for email, the second will be attached (unless you comment it)
message.attach(MIMEText(message_text_html, 'html'))
message.attach(MIMEText(message_text_plain, 'plain'))
## Part 3 (attachment)
# # to attach a text file you containing "test" you would do:
# # message.attach(MIMEText("test", 'plain'))
#-----About MimeTypes:
# It tells gmail which application it should use to read the attachment (it acts like an extension for windows).
# If you dont provide it, you just wont be able to read the attachment (eg. a text) within gmail. You'll have to download it to read it (windows will know how to read it with it's extension).
#-----3.1 get MimeType of attachment
#option 1: if you want to attach the same file just specify it’s mime types
#option 2: if you want to attach any file use mimetypes.guess_type(attached_file)
my_mimetype, encoding = mimetypes.guess_type(attached_file)
# If the extension is not recognized it will return: (None, None)
# If it's an .mp3, it will return: (audio/mp3, None) (None is for the encoding)
#for unrecognized extension it set my_mimetypes to 'application/octet-stream' (so it won't return None again).
if my_mimetype is None or encoding is not None:
my_mimetype = 'application/octet-stream'
main_type, sub_type = my_mimetype.split('/', 1)# split only at the first '/'
# if my_mimetype is audio/mp3: main_type=audio sub_type=mp3
#-----3.2 creating the attachment
#you don't really "attach" the file but you attach a variable that contains the "binary content" of the file you want to attach
#option 1: use MIMEBase for all my_mimetype (cf below) - this is the easiest one to understand
#option 2: use the specific MIME (ex for .mp3 = MIMEAudio) - it's a shorcut version of MIMEBase
#this part is used to tell how the file should be read and stored (r, or rb, etc.)
if main_type == 'text':
print("text")
temp = open(attached_file, 'r') # 'rb' will send this error: 'bytes' object has no attribute 'encode'
attachment = MIMEText(temp.read(), _subtype=sub_type)
temp.close()
elif main_type == 'image':
print("image")
temp = open(attached_file, 'rb')
attachment = MIMEImage(temp.read(), _subtype=sub_type)
temp.close()
elif main_type == 'audio':
print("audio")
temp = open(attached_file, 'rb')
attachment = MIMEAudio(temp.read(), _subtype=sub_type)
temp.close()
elif main_type == 'application' and sub_type == 'pdf':
temp = open(attached_file, 'rb')
attachment = MIMEApplication(temp.read(), _subtype=sub_type)
temp.close()
else:
attachment = MIMEBase(main_type, sub_type)
temp = open(attached_file, 'rb')
attachment.set_payload(temp.read())
temp.close()
#-----3.3 encode the attachment, add a header and attach it to the message
# encoders.encode_base64(attachment) #not needed (cf. randomfigure comment)
#https://docs.python.org/3/library/email-examples.html
filename = os.path.basename(attached_file)
attachment.add_header('Content-Disposition', 'attachment', filename=filename) # name preview in email
message.attach(attachment)
## Part 4 encode the message (the message should be in bytes)
message_as_bytes = message.as_bytes() # the message should converted from string to bytes.
message_as_base64 = base64.urlsafe_b64encode(message_as_bytes) #encode in base64 (printable letters coding)
raw = message_as_base64.decode() # need to JSON serializable (no idea what does it means)
return {'raw': raw}
def send_Message_without_attachment(service, user_id, body, message_text_plain):
try:
message_sent = (service.users().messages().send(userId=user_id, body=body).execute())
message_id = message_sent['id']
# print(attached_file)
print (f'Message sent (without attachment) nn Message Id: {message_id}nn Message:nn {message_text_plain}')
# return body
except errors.HttpError as error:
print (f'An error occurred: {error}')
def send_Message_with_attachment(service, user_id, message_with_attachment, message_text_plain, attached_file):
"""Send an email message.
Args:
service: Authorized Gmail API service instance.
user_id: User's email address. The special value "me" can be used to indicate the authenticated user.
message: Message to be sent.
Returns:
Sent Message.
"""
try:
message_sent = (service.users().messages().send(userId=user_id, body=message_with_attachment).execute())
message_id = message_sent['id']
# print(attached_file)
# return message_sent
except errors.HttpError as error:
print (f'An error occurred: {error}')
def main():
to = "[email protected]"
sender = "[email protected]"
subject = "subject test1"
message_text_html = r'Hi<br/>Html <b>hello</b>'
message_text_plain = "HinPlain Email"
attached_file = r'C:UsersMeDesktopaudio.m4a'
create_message_and_send(sender, to, subject, message_text_plain, message_text_html, attached_file)
if __name__ == '__main__':
main()
thanks, @Guillame, @apadana. @Guillaume’s answer worked great for me in Win/Python3.7, but with one change. For the all the 3 print statements, I had to remove the “f”, as in change:
print (f'An error occurred: {error}')
to
print ('An error occurred: {error}')
Also look at the first part of @apandana’s answer to get your client_secret.json file. That was more clearer for me.
For jupyter-notebook users, after following @apadana’s instructions, if you get cryptic error messages, make sure you copy the code out into it’s own python file and run it using
%run [filename].py
(still no clue how I figured that one out)
when you finish doing that, you’re now almost in the clear.
make the last change: Gmail API Error from Code Sample – a bytes-like object is required, not 'str'
replace
return {'raw': base64.urlsafe_b64encode(message.as_string())}
with:
return {'raw': base64.urlsafe_b64encode(message.as_string().encode()).decode()}
now, it should™ work.
final notes: remember there are two instances of the base64 encode thingie…
use
return {'raw': base64.urlsafe_b64encode(msg.as_string().encode()).decode()}
in method CreateMessageHtml
and
return {'raw': base64.urlsafe_b64encode(message.as_string().encode()).decode()}
in method createMessageWithAttachment
the reason you gotta do this is because the message has the variable name ‘msg’ in CreateMessageHtml, but name ‘message’ in createMessageWithAttachment. Because reasons. That’s why.
I was stuck with the same question some time ago.
Before you read the code – please go to-https://developers.google.com/gmail/api/quickstart/python
Also,
When going to the site listed above, enable the Gmail API, so that the code can be used.
I had to google a lot and modify the already existing google Gmail API code to find make it something like this :-
from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from email.mime.text import MIMEText
import base64
subject = "Subject_Goes_Here"
msg = "Your_Message_Text_Goes_Here"
sender = "[email protected]"
receiver = "[email protected]"
SCOPES = ['https://www.googleapis.com/auth/gmail.modify']
creds = None
if os.path.exists('token.pickle'):
with open('token.pickle', 'rb') as token:
creds = pickle.load(token)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
else:
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json', SCOPES)
creds = flow.run_local_server(port=0)
# Save the credentials for the next run
with open('token.pickle', 'wb') as token:
pickle.dump(creds, token)
service = build('gmail', 'v1', credentials=creds)
message = MIMEText(msg)
message['to'] = receiver
message['from'] = sender
message['subject'] = subject
raw = base64.urlsafe_b64encode(message.as_bytes())
raw = raw.decode()
body = {'raw' : raw}
message = (service.users().messages().send(userId='me', body=body).execute())
This code might seem long, but you only have to change the values in the variables, – subject , message , sender and receiver.
I had modified the code according to my needs and it might not work for yours. Yet, there are many other examples online. For example, to make a mail with attachments, you can go here – https://developers.google.com/gmail/api/guides/uploads
For this example, you have to downgrade your security, by enabling less-secure apps to access your Gmail account. But as this is a Google API, you need not worry. This code will also ask for your Gmail Password, but that is only as a security measure and is controlled and stored locally by the Google Servers.
This code worked like a charm for me and I do hope that it does for you too.
Thanks,
So I found all of the above super helpful, but nothing worked for me out of the box. Specifically my issue involved finding the proper scopes used to send rather the read messages (not specified in the quickstart guide provided by Google). A list of the scoping permissions can be found here.
Using that combined with the quickstart guide guide, we can get our pickled credentials file like so:
import pickle
import os
from google_auth_oauthlib.flow import InstalledAppFlow
# Specify permissions to send and read/write messages
# Find more information at:
# https://developers.google.com/gmail/api/auth/scopes
SCOPES = ['https://www.googleapis.com/auth/gmail.send',
'https://www.googleapis.com/auth/gmail.modify']
# Get the user's home directory
home_dir = os.path.expanduser('~')
# Recall that the credentials.json data is saved in our "Downloads" folder
json_path = os.path.join(home_dir, 'Downloads', 'credentials.json')
# Next we indicate to the API how we will be generating our credentials
flow = InstalledAppFlow.from_client_secrets_file(json_path, SCOPES)
# This step will generate the pickle file
# The file gmail.pickle stores the user's access and refresh tokens, and is
# created automatically when the authorization flow completes for the first
# time.
creds = flow.run_local_server(port=0)
# We are going to store the credentials in the user's home directory
pickle_path = os.path.join(home_dir, 'gmail.pickle')
with open(pickle_path, 'wb') as token:
pickle.dump(creds, token)
We can then go about actually sending the email with this:
import pickle
import os
import base64
import googleapiclient.discovery
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
# Get the path to the pickle file
home_dir = os.path.expanduser('~')
pickle_path = os.path.join(home_dir, 'gmail.pickle')
# Load our pickled credentials
creds = pickle.load(open(pickle_path, 'rb'))
# Build the service
service = googleapiclient.discovery.build('gmail', 'v1', credentials=creds)
# Create a message
my_email = '<your_email_here>@gmail.com'
msg = MIMEMultipart('alternative')
msg['Subject'] = 'Hello World'
msg['From'] = f'{my_email}'
msg['To'] = f'{my_email}'
msgPlain = 'This is my first email!'
msgHtml = '<b>This is my first email!</b>'
msg.attach(MIMEText(msgPlain, 'plain'))
msg.attach(MIMEText(msgHtml, 'html'))
raw = base64.urlsafe_b64encode(msg.as_bytes())
raw = raw.decode()
body = {'raw': raw}
message1 = body
message = (
service.users().messages().send(
userId="me", body=message1).execute())
print('Message Id: %s' % message['id'])
Source: https://scriptreference.com/sending-emails-via-gmail-with-python/
Here is what you need in plain and simple:
- Set up application password in your Google account
- Use this application password in your code
Set up Application Password
- Set up 2-step verification (if not already)
- Generate an App password:
- Go to your Google account
- Go to
Security
- Go to
App passwords
- Click the
Select app and then Other (custom name)
- Give a name and then click
Generate
- Copy/remember this app password
Application
Then you may send emails with smtplib and email library:
import smtplib
from email.message import EmailMessage
# Create an email
msg = EmailMessage()
msg['Subject'] = 'An Example Subject'
msg['From'] = "[email protected]"
msg['To'] = "[email protected]"
msg.set_content("Hi, this is an email.")
# Send the message
s = smtplib.SMTP('smtp.gmail.com', 587)
s.starttls()
s.login("[email protected]", "<APP PASSWORD>")
s.send_message(msg)
s.quit()
Fill in the <APP PASSWORD> and [email protected] accordingly.
Alternative: Red Mail
I have also made a library to simplify this (minimize boilerplate and has several advanced features). Install it:
pip install redmail
Then simply:
from redmail import gmail
gmail.username = "[email protected]"
gmail.password = "<APP PASSWORD>"
gmail.send(
subject='An Example Subject',
receivers=['[email protected]'],
text='Hi, this is an example email.'
)
Red Mail supports text, HTML, inline/embedded images, attachments and it has Jinja integrated and logging handlers.
- Documentation: https://red-mail.readthedocs.io/en/stable/index.html
- Source code: https://github.com/Miksus/red-mail
- Releases: https://pypi.org/project/redmail/
UPDATE: I ended up not using the solution that I propose below. In my case, I had to manually obtain a refresh token once a week or so because my OAuth "application" in Google’s eyes is only a testing app or something like that…
What you should be doing, and what I ended up doing too is what @miksus recommends below: setup an application password and use it with the same code that you used for the old username/password auth with SMTP before. Note that this is actually as accepted a solution by Google as OAuth, only that (at least in my case) this was very much not clear from their communication.
So to answer your second question: app passwords are the (easiest) recommended way: safe, with the same (very little) code as before. And I guess the extra security comes from the fact that in case somebody breaks your app password, you can simply revoke it and create another one.
Good luck!
If you want to use a library, the following code is all you need:
from yagmail import SMTP
conn = SMTP("[email protected]", oauth2_file="./credentials.json")
conn.send(subject="It works!")
The first time you run the code above, you have to provide your Client ID and Client Secret that you get by following the steps 1-4 below if you don’t already have them.
Note: This first time run must be done on a machine where you can open a browser to complete the OAuth authorization flow (so very likely not on your sever!).
How come so little code?
This is a solution that does not require you to copy-paste large chunks of code into your project, but instead delegates to a third-party library named yagmail (2.3K⭐ on GitHub) which:
- implements the API communication
- starts the OAuth authorization flow as you see in Step 5 below
As far as I can tell all the steps that I describe below are required, so there’s no simpler solution. The process described here was tested on May, 2022.
1. Create a New Project in Your Google Console
In your google cloud console at https://console.cloud.google.com/
2. Enable GMail API
3. Configure OAuth Consent Screen
- Note: you might not be able to choose Internal (I wasn’t). As far as I can tell, this means that you you’ll have an extra step later in which you’ll add the email that you want to use for sending to a "testers" list
3.b. Enable the "Send Mail" OAuth Scope
Select "Add or Remove Scopes" and then enable the OAuth scope "Send mail".
3.c. Add Your Test User
- this is the mail you want to send your messages from
- this is needed if you choose "External" in Step 3; might not be needed if you chose Internal
4. Create a new OAuth Client
The OAuth client is your application/script that will send mail using GMail API on your behalf. Select "Desktop App" for a type.
Save the Client ID and Client secret – these uniquely identify your client app to Google. You’ll need them in the next step. You don’t have to, but you can also download the .json file that contains them.
5. Authorize the client app to send email on your behalf
The following code tells yagmail that you want to send an email while authenticating using OAuth:
import yagmail
yag = yagmail.SMTP("[email protected]", oauth2_file="./credentials.json")
yag.send(subject="It works!")
The first time you run this code, it will not find the credentials.json so it’s going to:
- ask you for your client ID and client secret from Step 4
- provide you with a link that you open in browser to follow the OAuth authorization flow. At the end of the authorization flow you get a verification code that you paste back in the command line
Once the above are done, the credentials.json file is created and saved in the folder where the process was started. The file contains the OAuth tokens required for authorizing email sending on your behalf.
Next time you run the code an email is sent straight away based on the the info in credentials.json.
Note:
- this last step must be done on a machine where you can open a browser to complete the OAuth authorization flow (so very likely not on your sever!)
- once you have the
credentials.json you can copy the file on your server
What is the recommended way of sending emails with Gmail and Python?
There are a lot of SO threads, but most are old and also SMTP with username & password is not working any more or the user has to downgrade the security of their Gmail (for example see here).
Is OAuth the recommended way?
The answer shows how to send email with gmail API and python. Also updated the answer to send emails with attachment.
Gmail API & OAuth -> no need to save the username and password in the script.
The first time the script opens a browser to authorize the script and will store credentials locally (it will not store username and password). Consequent runs won’t need the browser and can send emails straight.
With this method you will not get errors like SMTPException below and there is no need to allow Access for less secure apps:
raise SMTPException("SMTP AUTH extension not supported by server.")
smtplib.SMTPException: SMTP AUTH extension not supported by server.
Here are the steps to send email using gmail API:
(Wizard link here, More info here)
Step 2: Install the Google Client Library
pip install --upgrade google-api-python-client
Step 3: Use the following script to send email(just change the variables in main function)
import httplib2
import os
import oauth2client
from oauth2client import client, tools, file
import base64
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from apiclient import errors, discovery
import mimetypes
from email.mime.image import MIMEImage
from email.mime.audio import MIMEAudio
from email.mime.base import MIMEBase
SCOPES = 'https://www.googleapis.com/auth/gmail.send'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Gmail API Python Send Email'
def get_credentials():
home_dir = os.path.expanduser('~')
credential_dir = os.path.join(home_dir, '.credentials')
if not os.path.exists(credential_dir):
os.makedirs(credential_dir)
credential_path = os.path.join(credential_dir,
'gmail-python-email-send.json')
store = oauth2client.file.Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
credentials = tools.run_flow(flow, store)
print('Storing credentials to ' + credential_path)
return credentials
def SendMessage(sender, to, subject, msgHtml, msgPlain, attachmentFile=None):
credentials = get_credentials()
http = credentials.authorize(httplib2.Http())
service = discovery.build('gmail', 'v1', http=http)
if attachmentFile:
message1 = createMessageWithAttachment(sender, to, subject, msgHtml, msgPlain, attachmentFile)
else:
message1 = CreateMessageHtml(sender, to, subject, msgHtml, msgPlain)
result = SendMessageInternal(service, "me", message1)
return result
def SendMessageInternal(service, user_id, message):
try:
message = (service.users().messages().send(userId=user_id, body=message).execute())
print('Message Id: %s' % message['id'])
return message
except errors.HttpError as error:
print('An error occurred: %s' % error)
return "Error"
return "OK"
def CreateMessageHtml(sender, to, subject, msgHtml, msgPlain):
msg = MIMEMultipart('alternative')
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = to
msg.attach(MIMEText(msgPlain, 'plain'))
msg.attach(MIMEText(msgHtml, 'html'))
return {'raw': base64.urlsafe_b64encode(msg.as_bytes())}
def createMessageWithAttachment(
sender, to, subject, msgHtml, msgPlain, attachmentFile):
"""Create a message for an email.
Args:
sender: Email address of the sender.
to: Email address of the receiver.
subject: The subject of the email message.
msgHtml: Html message to be sent
msgPlain: Alternative plain text message for older email clients
attachmentFile: The path to the file to be attached.
Returns:
An object containing a base64url encoded email object.
"""
message = MIMEMultipart('mixed')
message['to'] = to
message['from'] = sender
message['subject'] = subject
messageA = MIMEMultipart('alternative')
messageR = MIMEMultipart('related')
messageR.attach(MIMEText(msgHtml, 'html'))
messageA.attach(MIMEText(msgPlain, 'plain'))
messageA.attach(messageR)
message.attach(messageA)
print("create_message_with_attachment: file: %s" % attachmentFile)
content_type, encoding = mimetypes.guess_type(attachmentFile)
if content_type is None or encoding is not None:
content_type = 'application/octet-stream'
main_type, sub_type = content_type.split('/', 1)
if main_type == 'text':
fp = open(attachmentFile, 'rb')
msg = MIMEText(fp.read(), _subtype=sub_type)
fp.close()
elif main_type == 'image':
fp = open(attachmentFile, 'rb')
msg = MIMEImage(fp.read(), _subtype=sub_type)
fp.close()
elif main_type == 'audio':
fp = open(attachmentFile, 'rb')
msg = MIMEAudio(fp.read(), _subtype=sub_type)
fp.close()
else:
fp = open(attachmentFile, 'rb')
msg = MIMEBase(main_type, sub_type)
msg.set_payload(fp.read())
fp.close()
filename = os.path.basename(attachmentFile)
msg.add_header('Content-Disposition', 'attachment', filename=filename)
message.attach(msg)
return {'raw': base64.urlsafe_b64encode(message.as_string())}
def main():
to = "[email protected]"
sender = "[email protected]"
subject = "subject"
msgHtml = "Hi<br/>Html Email"
msgPlain = "HinPlain Email"
SendMessage(sender, to, subject, msgHtml, msgPlain)
# Send message with attachment:
SendMessage(sender, to, subject, msgHtml, msgPlain, '/path/to/file.pdf')
if __name__ == '__main__':
main()
Tip for running this code on linux, with no browser:
If your linux environment has no browser to complete the first time authorization process, you can run the code once on your laptop (mac or windows) and then copy the credentials to the destination linux machine. Credentials are normally stored in the following destination:
~/.credentials/gmail-python-email-send.json
I modified this as follows to work with Python3, inspired by Python Gmail API 'not JSON serializable'
import httplib2
import os
import oauth2client
from oauth2client import client, tools
import base64
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from apiclient import errors, discovery
SCOPES = 'https://www.googleapis.com/auth/gmail.send'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Gmail API Python Send Email'
def get_credentials():
home_dir = os.path.expanduser('~')
credential_dir = os.path.join(home_dir, '.credentials')
if not os.path.exists(credential_dir):
os.makedirs(credential_dir)
credential_path = os.path.join(credential_dir, 'gmail-python-email-send.json')
store = oauth2client.file.Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
credentials = tools.run_flow(flow, store)
print('Storing credentials to ' + credential_path)
return credentials
def SendMessage(sender, to, subject, msgHtml, msgPlain):
credentials = get_credentials()
http = credentials.authorize(httplib2.Http())
service = discovery.build('gmail', 'v1', http=http)
message1 = CreateMessage(sender, to, subject, msgHtml, msgPlain)
SendMessageInternal(service, "me", message1)
def SendMessageInternal(service, user_id, message):
try:
message = (service.users().messages().send(userId=user_id, body=message).execute())
print('Message Id: %s' % message['id'])
return message
except errors.HttpError as error:
print('An error occurred: %s' % error)
def CreateMessage(sender, to, subject, msgHtml, msgPlain):
msg = MIMEMultipart('alternative')
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = to
msg.attach(MIMEText(msgPlain, 'plain'))
msg.attach(MIMEText(msgHtml, 'html'))
raw = base64.urlsafe_b64encode(msg.as_bytes())
raw = raw.decode()
body = {'raw': raw}
return body
def main():
to = "[email protected]"
sender = "[email protected]"
subject = "subject"
msgHtml = "Hi<br/>Html Email"
msgPlain = "HinPlain Email"
SendMessage(sender, to, subject, msgHtml, msgPlain)
if __name__ == '__main__':
main()
Here is the Python 3.6 code (and explanations) needed to send an email without (or with) an attachment.
(To send with attachment just uncomment the 2 lines bellow ## without attachment and comment the 2 lines bellow ## with attachment)
All the credit (and up-vote) to apadana
import httplib2
import os
import oauth2client
from oauth2client import client, tools
import base64
from email import encoders
#needed for attachment
import smtplib
import mimetypes
from email import encoders
from email.message import Message
from email.mime.audio import MIMEAudio
from email.mime.base import MIMEBase
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
#List of all mimetype per extension: http://help.dottoro.com/lapuadlp.php or http://mime.ritey.com/
from apiclient import errors, discovery #needed for gmail service
## About credentials
# There are 2 types of "credentials":
# the one created and downloaded from https://console.developers.google.com/apis/ (let's call it the client_id)
# the one that will be created from the downloaded client_id (let's call it credentials, it will be store in C:Usersuser.credentials)
#Getting the CLIENT_ID
# 1) enable the api you need on https://console.developers.google.com/apis/
# 2) download the .json file (this is the CLIENT_ID)
# 3) save the CLIENT_ID in same folder as your script.py
# 4) update the CLIENT_SECRET_FILE (in the code below) with the CLIENT_ID filename
#Optional
# If you don't change the permission ("scope"):
#the CLIENT_ID could be deleted after creating the credential (after the first run)
# If you need to change the scope:
# you will need the CLIENT_ID each time to create a new credential that contains the new scope.
# Set a new credentials_path for the new credential (because it's another file)
def get_credentials():
# If needed create folder for credential
home_dir = os.path.expanduser('~') #>> C:UsersMe
credential_dir = os.path.join(home_dir, '.credentials') # >>C:UsersMe.credentials (it's a folder)
if not os.path.exists(credential_dir):
os.makedirs(credential_dir) #create folder if doesnt exist
credential_path = os.path.join(credential_dir, 'cred send mail.json')
#Store the credential
store = oauth2client.file.Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
CLIENT_SECRET_FILE = 'client_id to send Gmail.json'
APPLICATION_NAME = 'Gmail API Python Send Email'
#The scope URL for read/write access to a user's calendar data
SCOPES = 'https://www.googleapis.com/auth/gmail.send'
# Create a flow object. (it assists with OAuth 2.0 steps to get user authorization + credentials)
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
credentials = tools.run_flow(flow, store)
return credentials
## Get creds, prepare message and send it
def create_message_and_send(sender, to, subject, message_text_plain, message_text_html, attached_file):
credentials = get_credentials()
# Create an httplib2.Http object to handle our HTTP requests, and authorize it using credentials.authorize()
http = httplib2.Http()
# http is the authorized httplib2.Http()
http = credentials.authorize(http) #or: http = credentials.authorize(httplib2.Http())
service = discovery.build('gmail', 'v1', http=http)
## without attachment
message_without_attachment = create_message_without_attachment(sender, to, subject, message_text_html, message_text_plain)
send_Message_without_attachment(service, "me", message_without_attachment, message_text_plain)
## with attachment
# message_with_attachment = create_Message_with_attachment(sender, to, subject, message_text_plain, message_text_html, attached_file)
# send_Message_with_attachment(service, "me", message_with_attachment, message_text_plain,attached_file)
def create_message_without_attachment (sender, to, subject, message_text_html, message_text_plain):
#Create message container
message = MIMEMultipart('alternative') # needed for both plain & HTML (the MIME type is multipart/alternative)
message['Subject'] = subject
message['From'] = sender
message['To'] = to
#Create the body of the message (a plain-text and an HTML version)
message.attach(MIMEText(message_text_plain, 'plain'))
message.attach(MIMEText(message_text_html, 'html'))
raw_message_no_attachment = base64.urlsafe_b64encode(message.as_bytes())
raw_message_no_attachment = raw_message_no_attachment.decode()
body = {'raw': raw_message_no_attachment}
return body
def create_Message_with_attachment(sender, to, subject, message_text_plain, message_text_html, attached_file):
"""Create a message for an email.
message_text: The text of the email message.
attached_file: The path to the file to be attached.
Returns:
An object containing a base64url encoded email object.
"""
##An email is composed of 3 part :
#part 1: create the message container using a dictionary { to, from, subject }
#part 2: attach the message_text with .attach() (could be plain and/or html)
#part 3(optional): an attachment added with .attach()
## Part 1
message = MIMEMultipart() #when alternative: no attach, but only plain_text
message['to'] = to
message['from'] = sender
message['subject'] = subject
## Part 2 (the message_text)
# The order count: the first (html) will be use for email, the second will be attached (unless you comment it)
message.attach(MIMEText(message_text_html, 'html'))
message.attach(MIMEText(message_text_plain, 'plain'))
## Part 3 (attachment)
# # to attach a text file you containing "test" you would do:
# # message.attach(MIMEText("test", 'plain'))
#-----About MimeTypes:
# It tells gmail which application it should use to read the attachment (it acts like an extension for windows).
# If you dont provide it, you just wont be able to read the attachment (eg. a text) within gmail. You'll have to download it to read it (windows will know how to read it with it's extension).
#-----3.1 get MimeType of attachment
#option 1: if you want to attach the same file just specify it’s mime types
#option 2: if you want to attach any file use mimetypes.guess_type(attached_file)
my_mimetype, encoding = mimetypes.guess_type(attached_file)
# If the extension is not recognized it will return: (None, None)
# If it's an .mp3, it will return: (audio/mp3, None) (None is for the encoding)
#for unrecognized extension it set my_mimetypes to 'application/octet-stream' (so it won't return None again).
if my_mimetype is None or encoding is not None:
my_mimetype = 'application/octet-stream'
main_type, sub_type = my_mimetype.split('/', 1)# split only at the first '/'
# if my_mimetype is audio/mp3: main_type=audio sub_type=mp3
#-----3.2 creating the attachment
#you don't really "attach" the file but you attach a variable that contains the "binary content" of the file you want to attach
#option 1: use MIMEBase for all my_mimetype (cf below) - this is the easiest one to understand
#option 2: use the specific MIME (ex for .mp3 = MIMEAudio) - it's a shorcut version of MIMEBase
#this part is used to tell how the file should be read and stored (r, or rb, etc.)
if main_type == 'text':
print("text")
temp = open(attached_file, 'r') # 'rb' will send this error: 'bytes' object has no attribute 'encode'
attachment = MIMEText(temp.read(), _subtype=sub_type)
temp.close()
elif main_type == 'image':
print("image")
temp = open(attached_file, 'rb')
attachment = MIMEImage(temp.read(), _subtype=sub_type)
temp.close()
elif main_type == 'audio':
print("audio")
temp = open(attached_file, 'rb')
attachment = MIMEAudio(temp.read(), _subtype=sub_type)
temp.close()
elif main_type == 'application' and sub_type == 'pdf':
temp = open(attached_file, 'rb')
attachment = MIMEApplication(temp.read(), _subtype=sub_type)
temp.close()
else:
attachment = MIMEBase(main_type, sub_type)
temp = open(attached_file, 'rb')
attachment.set_payload(temp.read())
temp.close()
#-----3.3 encode the attachment, add a header and attach it to the message
# encoders.encode_base64(attachment) #not needed (cf. randomfigure comment)
#https://docs.python.org/3/library/email-examples.html
filename = os.path.basename(attached_file)
attachment.add_header('Content-Disposition', 'attachment', filename=filename) # name preview in email
message.attach(attachment)
## Part 4 encode the message (the message should be in bytes)
message_as_bytes = message.as_bytes() # the message should converted from string to bytes.
message_as_base64 = base64.urlsafe_b64encode(message_as_bytes) #encode in base64 (printable letters coding)
raw = message_as_base64.decode() # need to JSON serializable (no idea what does it means)
return {'raw': raw}
def send_Message_without_attachment(service, user_id, body, message_text_plain):
try:
message_sent = (service.users().messages().send(userId=user_id, body=body).execute())
message_id = message_sent['id']
# print(attached_file)
print (f'Message sent (without attachment) nn Message Id: {message_id}nn Message:nn {message_text_plain}')
# return body
except errors.HttpError as error:
print (f'An error occurred: {error}')
def send_Message_with_attachment(service, user_id, message_with_attachment, message_text_plain, attached_file):
"""Send an email message.
Args:
service: Authorized Gmail API service instance.
user_id: User's email address. The special value "me" can be used to indicate the authenticated user.
message: Message to be sent.
Returns:
Sent Message.
"""
try:
message_sent = (service.users().messages().send(userId=user_id, body=message_with_attachment).execute())
message_id = message_sent['id']
# print(attached_file)
# return message_sent
except errors.HttpError as error:
print (f'An error occurred: {error}')
def main():
to = "[email protected]"
sender = "[email protected]"
subject = "subject test1"
message_text_html = r'Hi<br/>Html <b>hello</b>'
message_text_plain = "HinPlain Email"
attached_file = r'C:UsersMeDesktopaudio.m4a'
create_message_and_send(sender, to, subject, message_text_plain, message_text_html, attached_file)
if __name__ == '__main__':
main()
thanks, @Guillame, @apadana. @Guillaume’s answer worked great for me in Win/Python3.7, but with one change. For the all the 3 print statements, I had to remove the “f”, as in change:
print (f'An error occurred: {error}')
to
print ('An error occurred: {error}')
Also look at the first part of @apandana’s answer to get your client_secret.json file. That was more clearer for me.
For jupyter-notebook users, after following @apadana’s instructions, if you get cryptic error messages, make sure you copy the code out into it’s own python file and run it using
%run [filename].py
(still no clue how I figured that one out)
when you finish doing that, you’re now almost in the clear.
make the last change: Gmail API Error from Code Sample – a bytes-like object is required, not 'str'
replace
return {'raw': base64.urlsafe_b64encode(message.as_string())}
with:
return {'raw': base64.urlsafe_b64encode(message.as_string().encode()).decode()}
now, it should™ work.
final notes: remember there are two instances of the base64 encode thingie…
use
return {'raw': base64.urlsafe_b64encode(msg.as_string().encode()).decode()}
in method CreateMessageHtml
and
return {'raw': base64.urlsafe_b64encode(message.as_string().encode()).decode()}
in method createMessageWithAttachment
the reason you gotta do this is because the message has the variable name ‘msg’ in CreateMessageHtml, but name ‘message’ in createMessageWithAttachment. Because reasons. That’s why.
I was stuck with the same question some time ago.
Before you read the code – please go to-https://developers.google.com/gmail/api/quickstart/python
Also,
When going to the site listed above, enable the Gmail API, so that the code can be used.
I had to google a lot and modify the already existing google Gmail API code to find make it something like this :-
from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from email.mime.text import MIMEText
import base64
subject = "Subject_Goes_Here"
msg = "Your_Message_Text_Goes_Here"
sender = "[email protected]"
receiver = "[email protected]"
SCOPES = ['https://www.googleapis.com/auth/gmail.modify']
creds = None
if os.path.exists('token.pickle'):
with open('token.pickle', 'rb') as token:
creds = pickle.load(token)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
else:
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json', SCOPES)
creds = flow.run_local_server(port=0)
# Save the credentials for the next run
with open('token.pickle', 'wb') as token:
pickle.dump(creds, token)
service = build('gmail', 'v1', credentials=creds)
message = MIMEText(msg)
message['to'] = receiver
message['from'] = sender
message['subject'] = subject
raw = base64.urlsafe_b64encode(message.as_bytes())
raw = raw.decode()
body = {'raw' : raw}
message = (service.users().messages().send(userId='me', body=body).execute())
This code might seem long, but you only have to change the values in the variables, – subject , message , sender and receiver.
I had modified the code according to my needs and it might not work for yours. Yet, there are many other examples online. For example, to make a mail with attachments, you can go here – https://developers.google.com/gmail/api/guides/uploads
For this example, you have to downgrade your security, by enabling less-secure apps to access your Gmail account. But as this is a Google API, you need not worry. This code will also ask for your Gmail Password, but that is only as a security measure and is controlled and stored locally by the Google Servers.
This code worked like a charm for me and I do hope that it does for you too.
Thanks,
So I found all of the above super helpful, but nothing worked for me out of the box. Specifically my issue involved finding the proper scopes used to send rather the read messages (not specified in the quickstart guide provided by Google). A list of the scoping permissions can be found here.
Using that combined with the quickstart guide guide, we can get our pickled credentials file like so:
import pickle
import os
from google_auth_oauthlib.flow import InstalledAppFlow
# Specify permissions to send and read/write messages
# Find more information at:
# https://developers.google.com/gmail/api/auth/scopes
SCOPES = ['https://www.googleapis.com/auth/gmail.send',
'https://www.googleapis.com/auth/gmail.modify']
# Get the user's home directory
home_dir = os.path.expanduser('~')
# Recall that the credentials.json data is saved in our "Downloads" folder
json_path = os.path.join(home_dir, 'Downloads', 'credentials.json')
# Next we indicate to the API how we will be generating our credentials
flow = InstalledAppFlow.from_client_secrets_file(json_path, SCOPES)
# This step will generate the pickle file
# The file gmail.pickle stores the user's access and refresh tokens, and is
# created automatically when the authorization flow completes for the first
# time.
creds = flow.run_local_server(port=0)
# We are going to store the credentials in the user's home directory
pickle_path = os.path.join(home_dir, 'gmail.pickle')
with open(pickle_path, 'wb') as token:
pickle.dump(creds, token)
We can then go about actually sending the email with this:
import pickle
import os
import base64
import googleapiclient.discovery
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
# Get the path to the pickle file
home_dir = os.path.expanduser('~')
pickle_path = os.path.join(home_dir, 'gmail.pickle')
# Load our pickled credentials
creds = pickle.load(open(pickle_path, 'rb'))
# Build the service
service = googleapiclient.discovery.build('gmail', 'v1', credentials=creds)
# Create a message
my_email = '<your_email_here>@gmail.com'
msg = MIMEMultipart('alternative')
msg['Subject'] = 'Hello World'
msg['From'] = f'{my_email}'
msg['To'] = f'{my_email}'
msgPlain = 'This is my first email!'
msgHtml = '<b>This is my first email!</b>'
msg.attach(MIMEText(msgPlain, 'plain'))
msg.attach(MIMEText(msgHtml, 'html'))
raw = base64.urlsafe_b64encode(msg.as_bytes())
raw = raw.decode()
body = {'raw': raw}
message1 = body
message = (
service.users().messages().send(
userId="me", body=message1).execute())
print('Message Id: %s' % message['id'])
Source: https://scriptreference.com/sending-emails-via-gmail-with-python/
Here is what you need in plain and simple:
- Set up application password in your Google account
- Use this application password in your code
Set up Application Password
- Set up 2-step verification (if not already)
- Generate an App password:
- Go to your Google account
- Go to
Security - Go to
App passwords - Click the
Select appand thenOther (custom name) - Give a name and then click
Generate - Copy/remember this app password
Application
Then you may send emails with smtplib and email library:
import smtplib
from email.message import EmailMessage
# Create an email
msg = EmailMessage()
msg['Subject'] = 'An Example Subject'
msg['From'] = "[email protected]"
msg['To'] = "[email protected]"
msg.set_content("Hi, this is an email.")
# Send the message
s = smtplib.SMTP('smtp.gmail.com', 587)
s.starttls()
s.login("[email protected]", "<APP PASSWORD>")
s.send_message(msg)
s.quit()
Fill in the <APP PASSWORD> and [email protected] accordingly.
Alternative: Red Mail
I have also made a library to simplify this (minimize boilerplate and has several advanced features). Install it:
pip install redmail
Then simply:
from redmail import gmail
gmail.username = "[email protected]"
gmail.password = "<APP PASSWORD>"
gmail.send(
subject='An Example Subject',
receivers=['[email protected]'],
text='Hi, this is an example email.'
)
Red Mail supports text, HTML, inline/embedded images, attachments and it has Jinja integrated and logging handlers.
- Documentation: https://red-mail.readthedocs.io/en/stable/index.html
- Source code: https://github.com/Miksus/red-mail
- Releases: https://pypi.org/project/redmail/
UPDATE: I ended up not using the solution that I propose below. In my case, I had to manually obtain a refresh token once a week or so because my OAuth "application" in Google’s eyes is only a testing app or something like that…
What you should be doing, and what I ended up doing too is what @miksus recommends below: setup an application password and use it with the same code that you used for the old username/password auth with SMTP before. Note that this is actually as accepted a solution by Google as OAuth, only that (at least in my case) this was very much not clear from their communication.
So to answer your second question: app passwords are the (easiest) recommended way: safe, with the same (very little) code as before. And I guess the extra security comes from the fact that in case somebody breaks your app password, you can simply revoke it and create another one.
Good luck!
If you want to use a library, the following code is all you need:
from yagmail import SMTP
conn = SMTP("[email protected]", oauth2_file="./credentials.json")
conn.send(subject="It works!")
The first time you run the code above, you have to provide your Client ID and Client Secret that you get by following the steps 1-4 below if you don’t already have them.
Note: This first time run must be done on a machine where you can open a browser to complete the OAuth authorization flow (so very likely not on your sever!).
How come so little code?
This is a solution that does not require you to copy-paste large chunks of code into your project, but instead delegates to a third-party library named yagmail (2.3K⭐ on GitHub) which:
- implements the API communication
- starts the OAuth authorization flow as you see in Step 5 below
As far as I can tell all the steps that I describe below are required, so there’s no simpler solution. The process described here was tested on May, 2022.
1. Create a New Project in Your Google Console
In your google cloud console at https://console.cloud.google.com/
2. Enable GMail API
3. Configure OAuth Consent Screen
- Note: you might not be able to choose Internal (I wasn’t). As far as I can tell, this means that you you’ll have an extra step later in which you’ll add the email that you want to use for sending to a "testers" list
3.b. Enable the "Send Mail" OAuth Scope
Select "Add or Remove Scopes" and then enable the OAuth scope "Send mail".
3.c. Add Your Test User
- this is the mail you want to send your messages from
- this is needed if you choose "External" in Step 3; might not be needed if you chose Internal
4. Create a new OAuth Client
The OAuth client is your application/script that will send mail using GMail API on your behalf. Select "Desktop App" for a type.
Save the Client ID and Client secret – these uniquely identify your client app to Google. You’ll need them in the next step. You don’t have to, but you can also download the .json file that contains them.
5. Authorize the client app to send email on your behalf
The following code tells yagmail that you want to send an email while authenticating using OAuth:
import yagmail
yag = yagmail.SMTP("[email protected]", oauth2_file="./credentials.json")
yag.send(subject="It works!")
The first time you run this code, it will not find the credentials.json so it’s going to:
- ask you for your client ID and client secret from Step 4
- provide you with a link that you open in browser to follow the OAuth authorization flow. At the end of the authorization flow you get a verification code that you paste back in the command line
Once the above are done, the credentials.json file is created and saved in the folder where the process was started. The file contains the OAuth tokens required for authorizing email sending on your behalf.
Next time you run the code an email is sent straight away based on the the info in credentials.json.
Note:
- this last step must be done on a machine where you can open a browser to complete the OAuth authorization flow (so very likely not on your sever!)
- once you have the
credentials.jsonyou can copy the file on your server