XOAuth2 token generation for accessing GMail SMTP and IMAP


XOAuth2 token generation with node.js

npm install xoauth2

xoauth2 generates XOAUTH2 login tokens from provided Client and User credentials.

Use xoauth2.createXOAuth2Generator(options) to initialize Token Generator

Possible options values:

  • user (Required) User e-mail address
  • accessUrl (Optional) Endpoint for token generation (defaults to https://accounts.google.com/o/oauth2/token)
  • clientId (Required) Client ID value
  • clientSecret (Required) Client secret value
  • refreshToken (Required) Refresh token for an user
  • accessToken (Optional) initial access token. If not set, a new one will be generated
  • timeout (Optional) TTL in seconds
  • customHeaders (Optional) custom headers to send during token generation request yahoo requires Authorization: Basic Base64(clientId:clientSecret)
  • customParams (Optional) custom payload to send on getToken request yahoo requires redirect_uri to be specified

See https://developers.google.com/accounts/docs/OAuth2WebServer#offline for generating the required credentials

Use xoauth2obj.getToken(callback) to get an access token. If a cached token is found and it should not be expired yet, the cached value will be used.

Use xoauth2obj.generateToken(callback) to get an access token. Cache will not be used and a new token is generated.

Use xoauth2obj.updateToken(accessToken, timeout) to set the new value for the xoauth2 access token. This function emits 'token'

If a new token value has been set, 'token' event is emitted.

xoauth2obj.on("token", function(token){
    console.log("User: ", token.user); // e-mail address
    console.log("New access token: ", token.accessToken);
    console.log("New access token timeout: ", token.timeout); // TTL in seconds
var xoauth2 = require("xoauth2"),

xoauth2gen = xoauth2.createXOAuth2Generator({
    user: "user@gmail.com",
    clientId: "{Client ID}",
    clientSecret: "{Client Secret}",
    refreshToken: "{User Refresh Token}",
    customHeaders: {
      "HeaderName": "HeaderValue"
    customPayload: {
      "payloadParamName": "payloadValue"

xoauth2gen.getToken(function(err, token){
        return console.log(err);
    console.log("AUTH XOAUTH2 " + token);

xoauth2gen.getToken(function(err, token, accessToken){
        return console.log(err);
    console.log("Authorization: Bearer " + accessToken);