Configuring Secure Gmail Access in WP Issues CRM

WP Issues CRM now supports the Gmail API as one option for reading email.  The Gmail API offers connectivity superior to traditional IMAP connectivity. It is a little more secure and also allows WP Issues CRM to present an inbox showing the Gmail tabs.

The steps to configuring the Gmail API are truly convoluted, but need only done once in a multiuser installation. Once the lead blog is configured with gmail credentials, each individual site need only supply their email to connect.

Whether for an individual site or for a multisite installation, here are the basic steps to configuring the gmail API. They require access to and basic familiarity with the file server that your web site runs on.  Additionally, they require interaction with Google’s developer console to create “project” credentials — the credentials creation progress can be confusing, but once complete, the API works like a charm.

  1. Sign into your Google Account.
  2. Visit the Google Developer’s console.
  3. You should be prompted to create a “project”.  Create a project with an appropriate name.
  4. Once you create the project, you will need to verify the domain that you intend to gain credentials for.  Click Domain Verification, Add Domain and follow instructions as necessary (may vary based on your prior google developer activity).
  5. Click the Oauth consent screen Tab and provide the required information.
  6. Then you click “Credentials” and click “Create Credentials” and select “Oauth Client ID” and then select “Web Application”.  
  7. The “Name” you choose will be visible to you and your users when they sign in through Google.
  8. You do not need to fill in “Javascript origins”, but you must fill in Authorized redirect URI  with the following : https://EXAMPLE.COM/wp-admin/admin.php?page=wp-issues-crm-main&entity=email_oauth&action=redirect_from_gmail&id_requested=0  — EXAMPLE.COM should be your site (including any subdirectory that you have installed WordPress in — e.g. EXAMPLE.COM/blog
  9. When you click Create after completing this form, you will be shown your client ID and secret. Just click OK and then download the credential file from the list of Client IDs.
  10. Install the credentials a file at location outside the public_html ( or www ) directory of your web server. You do not want the credential file to be directly accessible over the web. A good place is in the directory immediately above your public_html directory.
  11. Place a line in the wp_config.php file that resides within your public_html directory that reads as follows:

    define ('WIC_GMAIL_OAUTH_CREDENTIALS_FULL_PATH', '/full/pathto/yourcredentialsfile');

    This line should be placed in a manner consistent with the other definition lines in the file, but it does not matter exactly where.  A safe place is immediately below another definition line. You should replace /full/pathto/yourcredentialsfile with the full path to your credentials file, including the starting slash all the way through and including the full filename, likely ‘credentials.json’. The starting slash indicates the root directory of your server, so be sure to include all the intermediate elements of the path. The final semi-colon in the line is a necessary part of the line. Your line should include the single quotes around the path.

  12. You do NOT need to install the Google Client Library or do any other programming — the necessary components are packaged and integrated with WP Issues CRM.
  13. Once you have installed the credentials file, you should select Gmail as your “Read Email from” in the Account tab in the Settings for WP Issues CRM email  (not the “Main Settings” page).
  14. Finally click on the Gmail tab in  email settings and connect.  You will be alerted that you are connecting to an unrecognized project.  That project is the one you created — it is your installation of WP Issues CRM, not any central copy of WP Issues CRM.  You are giving permission to yourself.
  15. On first go around, you may be prompted to go to the developer console and enable the Gmail API — do so.

Note — if this is all too daunting, Gmail supports access for both sending and receiving using traditional IMAP and SMTP over SSL  and you can much more easily configure that type of access for WP Issues CRM.  If you connect using IMAP/SMTP instead of using the API,  Gmail will characterize the app as “less secure” and it is, in fact, slightly less secure in the sense that you are saving an encrypted copy of your password in an additional location (to wit, your copy of WP Issues CRM).  If you feel that your WordPress installation is secure, there is no real security reason not to use traditional IMAP access.  In the email Settings/Account tab select ‘Any account configured in main settings’ and then configure Email In and Email Out in main settings.

Leave a comment

Your email address will not be published. Required fields are marked *