Configuring the Mailing Service

Introduction

In SMU Portal, many features use the mailing service. For instance, when you create an account you will receive an email containing a link to confirm your email address, and when you make a box reservation you will receive an email containing the reservation's details.

The mailing service is implemented with nodemailer coupled with Gmail. In fact, Google offers a free SMTP service to send emails through Gmail.

Generating OAuth 2.0 Tokens

OAuth 2.0 is a standard that allows your application to use a set of tokens (strings) instead of actual login credentials (i.e. email and password). This represents an important security advantage since each set of tokens is only bound to, or valid for, a specific action (or set of actions). In this case, our set will only allow sending emails, so if compromised, the tokens cannot do as much harm as actual account credentials.

Before starting, you will need a Gmail account. As an extra security measure, we recommend that you create a new one instead of using your personal email; you can sign up here.

First, we need to create a new project in the Google Cloud Platform. Make sure that you are connected using your newly created account.

Click on Select Project.

This window will pop up. Select New Project and you will be redirected to the project creation page.

Specify a name and then click Create.

If everything went well, you will be redirected to the dashboard and receive a notification once your project has been created.

Select your project on the top left, click on the burger menu icon, and choose Home > Dashboard.

Click on Go to Project Settings at the bottom of the Project Info card.

Click on the sidebar menu and choose APIs & Services > Credentials; you will be redirected to the Credentials page.

Press Create Credentials and select OAuth client ID.

You will be presented with this page. Click on Configure Consent Screen.

Choose External as a User Type and click on Create.

Choose a name for your application and press Save.

Once that is finished, click on Credentials from the sidebar, then on Create Credentials and select OAuth client ID as we have done earlier.

Choose Web Application as an Application Type, specify a Name and add https://developers.google.com/oauthplayground to the Authorised redirect URIs list.

Your OAuth client has now been created. Save the Client ID and Client Secret; we will need them later on.

Visit OAuth 2.0 Playground, click on the gear icon, and paste your Client ID and Client Secret. Also make sure that your options are identical to those shown in the image, then press Close.

Paste https://mail.google.com/ in the scope text box of Step 1 (Select & authorize APIs) and click on Authorize APIs.

You will be redirected to this page. Click on Advanced and then on Go to <PROJECT-NAME> (in this case <PROJECT-NAME> is CS321).

Click on Allow.

Press Exchange authorization code for tokens, and it will generate a Refresh token and an Access Token.

Finally, go to your .env file and add your Client ID, Client Secret, Refresh Token, and Access Token. SMTP_USER should be your Gmail address.

# NodeMailer #
# SMTP_USER should contain an email not a username
SMTP_SERVICE = gmail
SMTP_USER = email
SMTP_TYPE = OAuth2

# Google OAuth
G_CLIENT_ID = <CLIENT-ID>
G_CLIENT_SECRET = <CLIENT-SECRET>
G_ACCESS_TOKEN = <ACCESS-TOKEN>
G_REFRESH_TOKEN = <REFRESH-TOKEN>
G_REDIRECT_URI = https://developers.google.com/oauthplayground
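
One way to check these settings before handing them to nodemailer, as an added example that is not SMU Portal's own code. It assumes the variables are read from an object such as process.env; the function names checkMailEnv and buildTransportOptions are hypothetical.

```javascript
// Added example. Variable names come from the .env template above; reading
// them from a plain object such as process.env is an assumption.
const REQUIRED = ['SMTP_SERVICE', 'SMTP_USER', 'SMTP_TYPE',
  'G_CLIENT_ID', 'G_CLIENT_SECRET', 'G_REFRESH_TOKEN'];
const isPlaceholder = (v) => /^<.*>$/.test(v);
const read = (env, key) => String(env[key] || '').trim();

// Returns a list of problems. Messages name the variable only, never its
// value, so client secrets and tokens do not end up in logs.
function checkMailEnv(env) {
  const problems = [];
  for (const key of REQUIRED) {
    const value = read(env, key);
    if (!value) problems.push(`${key} is missing`);
    else if (isPlaceholder(value)) problems.push(`${key} still holds a template placeholder`);
  }
  const user = read(env, 'SMTP_USER');
  if (user && !isPlaceholder(user) && !/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(user)) {
    problems.push('SMTP_USER must be an email address, not a username');
  }
  const type = read(env, 'SMTP_TYPE');
  if (type && !isPlaceholder(type) && type !== 'OAuth2') {
    problems.push('SMTP_TYPE must be OAuth2');
  }
  return problems;
}

// Builds the options object for nodemailer.createTransport().
function buildTransportOptions(env) {
  const problems = checkMailEnv(env);
  if (problems.length) throw new Error('Invalid mail configuration: ' + problems.join('; '));
  const auth = {
    type: 'OAuth2',
    user: read(env, 'SMTP_USER'),
    clientId: read(env, 'G_CLIENT_ID'),
    clientSecret: read(env, 'G_CLIENT_SECRET'),
    refreshToken: read(env, 'G_REFRESH_TOKEN'),
  };
  // The access token is short-lived; pass it only when one is actually set.
  const accessToken = read(env, 'G_ACCESS_TOKEN');
  if (accessToken && !isPlaceholder(accessToken)) auth.accessToken = accessToken;
  return { service: read(env, 'SMTP_SERVICE'), auth };
}

// Constructed sample values, not real credentials.
const SAMPLE_ENV = { SMTP_SERVICE: 'gmail', SMTP_USER: 'portal-mailer@example.com',
  SMTP_TYPE: 'OAuth2', G_CLIENT_ID: 'sample-client-id', G_CLIENT_SECRET: 'sample-secret',
  G_REFRESH_TOKEN: 'sample-refresh-token', G_ACCESS_TOKEN: '<ACCESS-TOKEN>' };
console.log(buildTransportOptions(SAMPLE_ENV).auth.user);
```

Calling buildTransportOptions(process.env) at startup makes a half-filled .env fail immediately instead of on the first email.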
