Authorize gmailr to view and manage your Gmail projects. This function is a wrapper around gargle::token_fetch().

By default, you are directed to a web browser, asked to sign in to your Google account, and to grant gmailr permission to operate on your behalf with Google Gmail. By default, these user credentials are cached in a folder below your home directory, ~/.R/gargle/gargle-oauth, from where they can be automatically refreshed, as necessary. Storage at the user level means the same token can be used across multiple projects and tokens are less likely to be synced to the cloud by accident.


gm_auth(email = gm_default_email(), path = NULL, scopes = "full",
  cache = gargle::gargle_oauth_cache(),
  use_oob = gargle::gargle_oob_default(), token = NULL)



Optional. Allows user to target a specific Google identity. If specified, this is used for token lookup, i.e. to determine if a suitable token is already available in the cache. If no such token is found, email is used to pre-select the targetted Google identity in the OAuth chooser. Note, however, that the email associated with a token when it's cached is always determined from the token itself, never from this argument. Use NA or FALSE to match nothing and force the OAuth dance in the browser. Use TRUE to allow email auto-discovery, if exactly one matching token is found in the cache. Defaults to the option named "gargle_oauth_email", retrieved by gargle::gargle_oauth_email().


JSON identifying the service account, in one of the forms supported for the txt argument of jsonlite::fromJSON() (typically, a file path or JSON string).


One or more gmail API scope to use, one of 'labels', 'send', 'readonly', 'compose', 'insert', 'modify', 'metadata', 'settings_basic', 'settings_sharing' or 'full' (default: 'full'). See for details on the permissions for each scope. and gm_scopes() to return a vector of the available scopes.


Specifies the OAuth token cache. Defaults to the option named "gargle_oauth_cache", retrieved via gargle::gargle_oauth_cache().


Whether to prefer "out of band" authentication. Defaults to the option named "gargle_oob_default", retrieved via gargle::gargle_oob_default().


A token with class Token2.0 or an object of httr's class request, i.e. a token that has been prepared with httr::config() and has a Token2.0 in the auth_token component.


Most users, most of the time, do not need to call gm_auth() explicitly -- it is triggered by the first action that requires authorization. Even when called, the default arguments often suffice. However, when necessary, this function allows the user to explicitly:

  • Declare which Google identity to use, via an email address. If there are multiple cached tokens, this can clarify which one to use. It can also force gmailr to switch from one identity to another. If there's no cached token for the email, this triggers a return to the browser to choose the identity and give consent.

  • Use a service account token.

  • Bring their own Token2.0.

  • Specify non-default behavior re: token caching and out-of-bound authentication.

For details on the many ways to find a token, see gargle::token_fetch(). For deeper control over auth, use gm_auth_configure() to bring your own OAuth app or API key.

See also

Other auth functions: gm_auth_configure, gm_deauth


## load/refresh existing credentials, if available
## otherwise, go to browser for authentication and authorization

## force use of a token associated with a specific email
gm_auth(email = "")

## force a menu where you can choose from existing tokens or
## choose to get a new one
gm_auth(email = NA)

## use a 'read only' scope, so it's impossible to change data
  scopes = ""

## use a service account token
gm_auth(path = "foofy-83ee9e7c9c48.json")
# }