Google OAuth scope for sending mail

Question

Using Google Oauth2, the following scope is used to get API-access to a users email: https://mail.google.com/

Testing the scope via OAuth 2.0 Playground confirms that the app wants to "View and manage your email":

Is there a way to only ask for access to send emails on behalf of the user? A more specific scope perhaps?

Answer 1

The scope is the same if you use OAuth through SMTP or IMAP. But Google released new set of scopes (https://developers.google.com/gmail/api/auth/scopes) for Gmail API access. Here they are:

1. https://mail.google.com/ Full access to the account, including permanent deletion of threads and messages. This scope should only be requested if your application needs to immediately and permanently delete threads and messages. All other actions can be performed with less permissive scopes.
2. https://www.googleapis.com/auth/gmail.modify All read/write operations except immediate, permanent deletion of threads and messages.
3. https://www.googleapis.com/auth/gmail.readonly Read all resources and their metadata. No write operations.
4. https://www.googleapis.com/auth/gmail.compose Create, read, update, and delete drafts. Send messages and drafts.
5. https://www.googleapis.com/auth/gmail.send Send messages only. No read or modify privileges on mailbox.
6. https://www.googleapis.com/auth/gmail.insert Insert and import messages only.
7. https://www.googleapis.com/auth/gmail.labels Create, read, update, and delete labels only.
8. https://www.googleapis.com/auth/gmail.metadata Read resources metadata including labels, history records, and email message headers, but not the message body or attachments.
9. https://www.googleapis.com/auth/gmail.settings.basic Manage basic mail settings.
10. https://www.googleapis.com/auth/gmail.settings.sharing Manage sensitive mail settings, including forwarding rules and aliases. (GSuite only)

You can try using the 5th one and see if it works for you.