> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corsair.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Credentials

> Step-by-step instructions for obtaining Gmail OAuth 2.0 credentials.

This guide walks you through obtaining all required credentials for the Gmail plugin.

## Authentication Method

The Gmail plugin uses OAuth 2.0 authentication exclusively.

* **[`oauth_2`](/concepts/oauth)** (default) - OAuth 2.0 authentication

## OAuth 2.0 Setup

### Step 1: Create Google Cloud Project

1. Go to [Google Cloud Console](https://console.cloud.google.com/)
2. Click **Select a project** → **New Project**
3. Enter a project name and click **Create**
4. Wait for the project to be created and select it

### Step 2: Enable Gmail API

1. In the Google Cloud Console, go to **APIs & Services** → **Library**
2. Search for "Gmail API"
3. Click on **Gmail API**
4. Click **Enable**

### Step 3: Create OAuth 2.0 Credentials

1. Go to **APIs & Services** → **Credentials**
2. Click **Create Credentials** → **OAuth client ID**
3. If prompted, configure the OAuth consent screen:
   * Choose **External** (unless you have a Google Workspace)
   * Fill in the required information:
     * App name
     * User support email
     * Developer contact information
   * Add scopes:
     * `https://www.googleapis.com/auth/gmail.readonly`
     * `https://www.googleapis.com/auth/gmail.send`
     * `https://www.googleapis.com/auth/gmail.modify`
     * `https://www.googleapis.com/auth/gmail.compose`
   * Add test users (for testing)
   * Click **Save and Continue** through all steps
4. Back in **Credentials**, click **Create Credentials** → **OAuth client ID**
5. Select **Web application**
6. Configure:
   * **Name**: Your application name
   * **Authorized redirect URIs**: Add your callback URL (e.g., `https://yourapp.com/auth/gmail/callback`)
7. Click **Create**
8. Copy the **Client ID** and **Client Secret**
9. Store these securely

**Storing Credentials:**

The preferred method is to store OAuth credentials in the database using the keys API:

```ts theme={null}
await corsair.withTenant('default').keys.gmail.setClientId('your-client-id');
await corsair.withTenant('default').keys.gmail.setClientSecret('your-client-secret');
await corsair.withTenant('default').gmail.keys.setAccessToken('your-access-token');
await corsair.withTenant('default').gmail.keys.setRefreshToken('your-refresh-token');
```

Alternatively, you can provide credentials directly in the plugin configuration:

```ts corsair.ts theme={null}
gmail({
    authType: "oauth_2",
    credentials: {
        clientId: process.env.GMAIL_CLIENT_ID,
        clientSecret: process.env.GMAIL_CLIENT_SECRET,
        accessToken: process.env.GMAIL_ACCESS_TOKEN,
        refreshToken: process.env.GMAIL_REFRESH_TOKEN,
    },
})
```

## Required Credentials Summary

| Credential    | Required For | Where to Find                                        |
| ------------- | ------------ | ---------------------------------------------------- |
| Client ID     | OAuth 2.0    | Google Cloud Console → APIs & Services → Credentials |
| Client Secret | OAuth 2.0    | Google Cloud Console → APIs & Services → Credentials |
| Access Token  | OAuth 2.0    | Obtained automatically after OAuth flow              |
| Refresh Token | OAuth 2.0    | Obtained automatically after OAuth flow              |

For general information about how Corsair handles authentication, see [Authentication](/concepts/auth).
