alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/docs/inbound-email/setup/gmail.md
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

57 lines
2.4 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Gmail Provider Setup Guide
This guide walks an administrator through connecting a Gmail mailbox to the system using tenant-owned Google OAuth + Pub/Sub.
> For background on why Pub/Sub is now initialised once, see `../architecture/pubsub.md`.
## Prerequisites
* Google Cloud project with the **Gmail API** and **Pub/Sub API** enabled.
* A tenant-owned OAuth client (Client ID + Client Secret) created in Google Cloud Console.
* A tenant-owned service account key JSON (for Pub/Sub provisioning) available for upload/paste.
## End-to-End Flow
```mermaid
flowchart TD
A[Admin configures Google integration settings] --> B[User clicks 'Authorize Access' on Gmail provider]
B --> C[Provider draft saved (upsertEmailProvider)]
C --> D[OAuth popup opens]
D --> E[User grants permissions]
E --> F[OAuth callback]
F --> G[configureGmailProvider → setupPubSub]
G --> H[GmailWebhookService.registerWatch]
H --> I[Provider ready]
```
Only one call to `setupPubSub` happens at step **G**.
## Step-by-Step
1. Open **Settings → Integrations → Providers**.
2. Create (or select) a Google Cloud project and OAuth client, then configure the **redirect URI** shown in the UI.
3. Paste **Project ID**, **OAuth Client ID**, **OAuth Client Secret**, and the **service account key JSON** into the Google integration screen and save.
4. Open **Settings → Email Providers → + Add Gmail**.
5. Fill **display name**, **mailbox**, and any label filtering.
6. Click **Authorize Access** and complete the OAuth consent. The window closes automatically and setup continues.
### Refreshing Pub/Sub
If the subscription/watch expires or the webhook URL changes, use the **Refresh Watch** button or call the API:
```bash
curl -X POST \
-H "Authorization: Bearer <admin-token>" \
-H "Content-Type: application/json" \
-d '{"providerId":"<providerId>"}' \
https://<host>/api/email/refresh-watch
```
This bypasses the 24-hour cool-down by setting `force=true`.
## Troubleshooting
* **OAuth fails** confirm the tenants OAuth client includes the redirect URI shown in **Settings → Integrations → Providers**.
* **No messages arriving** check `google_email_provider_config.pubsub_initialised_at` and `watch_expiration`. Use *Refresh Watch* if either is stale.
* **Pub/Sub provisioning fails** confirm the uploaded service account has the required IAM permissions on the tenants Google Cloud project.
Reference in New Issue View Git Blame Copy Permalink