XOAuth2 token generation for accessing GMail SMTP and IMAP

Usage no npm install needed!

<script type="module">
  import xoauth2 from 'https://cdn.skypack.dev/xoauth2';



XOAuth2 token generation with node.js


npm install xoauth2


xoauth2 generates XOAUTH2 login tokens from provided Client and User credentials.

Use xoauth2.createXOAuth2Generator(options) to initialize Token Generator

Possible options values:

See https://developers.google.com/identity/protocols/OAuth2WebServer#offline for generating the required credentials

For Google service account the option values are:

  • service (Required) Service account email.
  • user (Required) User e-mail address
  • scope (Required) OAuth2 scope.
  • privateKey (Required) Private key issued for the service account in PEM format, as a string.
  • serviceRequestTimeout (Optional) Expiration value to use in the token request in seconds. Maximum is 3600.
  • accessUrl (Optional) Endpoint for token generation (defaults to https://accounts.google.com/o/oauth2/token)
  • accessToken (Optional) initial access token. If not set, a new one will be generated
  • timeout (Optional) TTL in seconds
  • customHeaders (Optional) custom headers to send during token generation request
  • customParams (Optional) custom payload to send on getToken request


Request an access token

Use xoauth2obj.getToken(callback) to get an access token. If a cached token is found and it should not be expired yet, the cached value will be used.

Request for generating a new access token

Use xoauth2obj.generateToken(callback) to get an access token. Cache will not be used and a new token is generated.

Update access token values

Use xoauth2obj.updateToken(accessToken, timeout) to set the new value for the xoauth2 access token. This function emits 'token'


If a new token value has been set, 'token' event is emitted.

xoauth2obj.on("token", function(token){
    console.log("User: ", token.user); // e-mail address
    console.log("New access token: ", token.accessToken);
    console.log("New access token timeout: ", token.timeout); // TTL in seconds


var xoauth2 = require("xoauth2"),

xoauth2gen = xoauth2.createXOAuth2Generator({
    user: "user@gmail.com",
    clientId: "{Client ID}",
    clientSecret: "{Client Secret}",
    refreshToken: "{User Refresh Token}",
    customHeaders: {
      "HeaderName": "HeaderValue"
    customPayload: {
      "payloadParamName": "payloadValue"

// ... or for a Google service account
xoauth2gen = xoauth2.createXOAuth2Generator({
    user: "user@gmail.com",
    service: '{Service Email Address}',
    scope: 'https://mail.google.com/',
    privateKey: '{Private Key in PEM format}'

xoauth2gen.getToken(function(err, token){
        return console.log(err);
    console.log("AUTH XOAUTH2 " + token);

xoauth2gen.getToken(function(err, token, accessToken){
        return console.log(err);
    console.log("Authorization: Bearer " + accessToken);