Only show these results:

Google authentication

You created a Google application, and now you're ready to authenticate your Google application using either hosted or native authentication.

IMAP Authentication

Nylas recommends avoiding using IMAP. IMAP has reduced functionality and will eventually be deprecated by Google.

What you'll learn

In this tutorial, you'll learn how to authenticate your Google application.


Authenticate your app

You can use either hosted or native authentication.

Use hosted authentication

Use hosted authentication as you normally do.

Use native authentication

To use Google native authentication, you need to get a refresh token from Google. A refresh_token is part of the OAuth 2.0 protocol and gives you access to Google APIs. You can use Google API Client Libraries to automate the refresh_token implementation process.

Refresh tokens for Google Cloud Platform applications with the "Testing" publishing status expire in seven days. Learn more about refresh token expiration.

Google Native Authentication

To implement native authentication, follow the steps below:

  1. Redirect the user to your OAuth login page.

  2. Google sends the authentication code to your application.

  3. Request the refresh token from Google.

  4. Google returns the refresh_token.

  5. Make a POST /connect/authorize request using the google_client_id, google_client_secret and google_refresh_token.

    curl -X POST -d '{ 
    "client_id": "nylas_client_id",
    "name": "Nyla the Cheetah",
    "email_address": "[email protected]",
    "provider": "gmail",
    "settings": {
    "google_client_id": "{google_api_client_id}",
    "google_client_secret": "{geoogle_api_client_secret}",
    "google_refresh_token": "{google_api_refresh_token}"
    "scopes": "email.read_only,calendar.read_only,contacts.read_only"
  6. Nylas returns a one-time use authorization code.

  7. Make a POST /connect/token request.

    curl -X POST "" -d '{
    "client_id": "{client-id}",
    "client_secret": "{client-secret}",
    "code": "{nylas_code}"
  8. Nylas returns an access_token for the account.


Before authorizing a user, make sure that you have the correct Nylas scopes in your request. If you change scopes, the user needs to re-authenticate.

Depending on the scopes you choose for production, your application might need to get a Google security review.

Example apps

The following are Google native authentication example applications that show you how to implement the process in your app:

More resources