Here is what Google thinks is a reasonable developer experience:
-
Create a Google Cloud project
-
Enable the Gmail API (but also the People API for contacts, and the Calendar API separately)
-
Configure an OAuth consent screen - answer 15 questions about your "app" when all you want is to read your own inbox
-
Create OAuth credentials - but wait, which type? Web? Desktop? Service account? The docs point you in circles
-
Download a credentials JSON file, put it somewhere your script can find it
-
Write the OAuth flow code - handle token refresh, token expiry, token storage
-
Run it, get a browser redirect, approve permissions on a consent screen that warns users YOUR OWN APP is "unverified"
-
Pray the token doesn't expire while you're still debugging step 6
And that's the HAPPY PATH. Half the tutorials are outdated, reference deprecated libraries, or skip critical steps. The official Google docs read like they were written by three different teams who never talked to each other.
I've been building software for close to 40 years. I've shipped systems in healthcare, security, enterprise - real production environments. And I genuinel struggled with this. Not because the concepts are hard, but because the process is needlessly hostile to developers.
The real kicker: I also need my users to be able to connect their Gmail accounts. So "just use a service account" or "just use an App Password" doesn't cut it.
I need actual OAuth that works for end users, which means going through Google's verification process, which is its own special circle of frustration.
All I want is a Python library where I can write something like:
gmail = connect_to_gmail()
emails = gmail.inbox(last=50)
contacts = gmail.contacts()
calendar = gmail.events(next_week=True)
Instead I'm drowning in credential files, token pickle storage, scope strings, and consent screen configurations.
Has anyone found a genuinely good solution for this? A library or service that wraps the OAuth pain and just lets you work with Gmail/Contacts/Calendar data?
Something your users can set up without a 3-hour onboarding session?
I keep thinking someone must have solved this by now. Because right now, Google has effectively made it harder to programmatically access your own email than it was 20 years ago with IMAP.