Gmail XOAUTH2
Send mail through Gmail with OAuth client ID/secret and Connect Google — not a Gmail password.
Gmail XOAUTH2
When Email delivery mode is Gmail, the script sends through Google using OAuth (XOAUTH2), not a stored Gmail password.
Where to find it
Admin → Settings → Settings (first tab) → Email delivery (mode Gmail)
| Field | Key |
|---|---|
| Google account | xoauth2_username |
| Client ID | xoauth2_client_id |
| Client secret | xoauth2_client_secret |
| Redirect URI | shown in admin (read-only) |
Refresh token is stored as gmail_refresh_token after a successful Connect — not a field you paste by hand.
How it works
1. In Google Cloud Console → APIs & Services → Credentials, create an OAuth client (Web application).
2. Add the Authorized redirect URI exactly as shown in admin (shape: https://YOUR-DOMAIN/api/admin/settings/email/gmail/oauth/callback).
3. Paste Client ID + Client secret here and Save.
4. Click Connect Google, finish consent (access_type=offline, mail scope).
5. Status should show Connected — then send a test (usually to Contact email).
Align Email from address with the Google account / domain you are allowed to send as.
Common problems
Redirect URI mismatch
Google Cloud URI must exactly match the admin value (https, path, no trailing slash typos).
Access blocked / unverified app
New OAuth clients often need a test user or app publishing per Google’s rules.
Connected then mail dies later
Refresh token revoked, secret rotated, or mail scope missing. Disconnect, update secret if needed, Connect again with consent.
Forgot to Save before Connect
Save Client ID/secret first; Connect needs them on the server.