Hi Xavier,
To send mail from WildFly using a branded Gmail / Google Workspace address with OAuth2, you have to configure two parts:
1. Google OAuth2 (Cloud Console / Workspace)
2. WildFly mail-session + JavaMail XOAUTH2 usage

WildFly’s standalone.xml can configure the SMTP connection (host, port, TLS, etc.), but it does not automatically handle OAuth2 token generation. That part must be done in your application code (or a custom provider) that uses the mail-session.

1. Go to Google Cloud Console and create a project.
2. Enable the Gmail API (or at least create OAuth2 credentials).
3. Under APIs & Services → Credentials, create an OAuth 2.0 Client ID (Desktop or Web application).
4. Note the client_id and client_secret.
5. Use the official scripts or tools (e.g. Google’s oauth2.py, gam, etc.) to complete the OAuth consent flow for the branded account and obtain a refresh token, from which you can obtain access tokens to be used with SMTP.

If you are using Google Workspace, the domain admin may also need to allow your OAuth app and permit access to Gmail for that client.
In standalone.xml you configure the SMTP server and enable XOAUTH2 as the mechanism:

    <subsystem xmlns="urn:jboss:domain:mail:6.0">
        <mail-session name="gmail-oauth" jndi-name="java:/mail/gmail-oauth">
            <smtp-server outbound-socket-binding-ref="gmail-smtp">
                <login name="your...@yourbrand.com"/>
                <property name="mail.smtp.starttls.enable" value="true"/>
                <property name="mail.smtp.auth" value="true"/>
                <!-- Restrict authentication to XOAUTH2 so LOGIN/PLAIN are not attempted -->
                <property name="mail.smtp.auth.mechanisms" value="XOAUTH2"/>
            </smtp-server>
        </mail-session>
    </subsystem>

    <!-- This element belongs inside the <socket-binding-group> element of standalone.xml -->
    <outbound-socket-binding name="gmail-smtp">
        <remote-destination host="smtp.gmail.com" port="587"/>
    </outbound-socket-binding>

This only tells JavaMail to use XOAUTH2. WildFly does not know how to turn client_id/client_secret/refresh_token into an access token by itself.
In your Java code (that looks up java:/mail/gmail-oauth), you must:

1. Use the refresh token to obtain an access token from Google’s OAuth2 endpoint.
2. Create a JavaMail Session that uses XOAUTH2, and feed the access token to a SaslClient. Google provides sample code for “JavaMail + Gmail OAuth2” that you can adapt.
3. Send the message through the WildFly mail-session (or directly via JavaMail) using that token.

Common reasons why a branded Gmail ID fails with OAuth2:

- The Workspace admin did not grant access/consent for the OAuth app.
- SMTP is configured with classic LOGIN/PLAIN auth instead of XOAUTH2.
- client_id / client_secret are being used as if they were username/password, instead of using an access token.

In short: standalone.xml configures the SMTP connection and tells JavaMail to use XOAUTH2; the actual OAuth2 token handling must be implemented in your application.
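
The application-side steps described above (refresh token to access token, then SMTP with XOAUTH2), as a stand-alone Java program. This is an added example, not part of the original reply and not Google's sample code. Assumptions: Jakarta Mail and Jakarta JSON Processing are on the classpath (older WildFly releases use the javax.* packages instead), the environment-variable names are hypothetical, and the refresh token was issued with the https://mail.google.com/ scope.

```java
import jakarta.json.Json;
import jakarta.mail.*;
import jakarta.mail.internet.*;
import java.io.StringReader;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

public class GmailOAuthSender {
    // Exchange the long-lived refresh token for a short-lived access token.
    static String fetchAccessToken(String clientId, String clientSecret, String refreshToken) throws Exception {
        String form = "grant_type=refresh_token"
                + "&client_id=" + enc(clientId)
                + "&client_secret=" + enc(clientSecret)
                + "&refresh_token=" + enc(refreshToken);
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://oauth2.googleapis.com/token"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        HttpResponse<String> res = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        if (res.statusCode() != 200) {
            // Report the status only: never log the request form or a success body (secret, tokens).
            throw new IllegalStateException("Token refresh failed: HTTP " + res.statusCode());
        }
        return Json.createReader(new StringReader(res.body())).readObject().getString("access_token");
    }
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable names; keep secrets out of source code and standalone.xml.
        String user = System.getenv("GMAIL_USER");
        String token = fetchAccessToken(System.getenv("GOOGLE_CLIENT_ID"),
                System.getenv("GOOGLE_CLIENT_SECRET"), System.getenv("GOOGLE_REFRESH_TOKEN"));
        Properties p = new Properties();
        p.put("mail.smtp.host", "smtp.gmail.com");
        p.put("mail.smtp.port", "587");
        p.put("mail.smtp.auth", "true");
        p.put("mail.smtp.starttls.enable", "true");
        p.put("mail.smtp.starttls.required", "true"); // fail instead of sending the token in clear text
        p.put("mail.smtp.auth.mechanisms", "XOAUTH2");
        MimeMessage msg = new MimeMessage(Session.getInstance(p));
        msg.setFrom(new InternetAddress(user));
        msg.setRecipient(Message.RecipientType.TO, new InternetAddress(args[0])); // recipient from argv
        msg.setSubject("XOAUTH2 test");
        msg.setText("Sent with an OAuth2 access token.");
        // With XOAUTH2 the "password" argument is the access token, not client_secret.
        Transport.send(msg, user, token);
    }
}
```

Access tokens are short-lived, so a long-running application should request a fresh one when the previous token has expired rather than storing it in configuration.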