Tags: oauth-2.0, gmail, google-oauth, scopes, carddav

What scopes are necessary to access Gmail contacts via CardDAV?


In the limited Google CardDAV documentation, located here, the following is mentioned:

Client applications must use HTTPS, and OAuth 2.0 authentication must be provided for the user's Google account. The CardDAV server will not authenticate a request unless it arrives over HTTPS with OAuth 2.0 authentication of a Google account, and your application is registered on DevConsole. Any attempt to connect over HTTP with Basic authentication or with an email/password that doesn't match a Google account results in an HTTP 401 Unauthorized response code.

However, when using OAuth 2.0 it is necessary to specify what scopes are necessary to access the information. I could not find anywhere in the docs or online what scopes are necessary for CardDAV access.

I tried using the OAuth 2.0 Playground to grant access to several scopes and used the tokens generated in a "Bearer" authorization header to send requests to Google's CardDAV server, but every time I tried I got a 403 response. The same requests work with Basic authentication.

Does anyone have experience with Google's CardDAV API and OAuth 2.0, and know what scopes are required?

Thank you!


Solution

  • Well, it took a little bit of digging but I found the OAuth scope that's required for CardDAV access:

    https://www.googleapis.com/auth/carddav

    It's really a shame that this is literally not mentioned anywhere in Google's CardDAV documentation. I hope this will save someone the hours it took me to find it.
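
The following Python is an added example, not part of the original question or answer and not Google's code. It requests only the CardDAV scope, checks a token's granted scopes before use (the 403 in the question is what a token without that scope produces), and prepares the Bearer-authenticated PROPFIND. The authorization endpoint and the `.well-known/carddav` discovery URL are not on this page and are taken as assumptions from Google's public documentation; the client ID, redirect URI, token values and tokeninfo bodies are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

CARDDAV_SCOPE = "https://www.googleapis.com/auth/carddav"  # scope from the answer
# Assumptions (not on this page): Google's OAuth 2.0 and CardDAV discovery URLs.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CARDDAV_DISCOVERY = "https://www.googleapis.com/.well-known/carddav"

# Constructed tokeninfo-style bodies (space-separated "scope" field assumed).
SAMPLE_MISSING = '{"scope": "https://www.googleapis.com/auth/contacts.readonly"}'
SAMPLE_OK = '{"scope": "https://www.googleapis.com/auth/carddav"}'

def authorization_url(client_id, redirect_uri, state):
    """Build a consent URL that requests only the CardDAV scope."""
    query = urllib.parse.urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": CARDDAV_SCOPE,
        "state": state,  # anti-CSRF value, compared on the redirect
    })
    return f"{AUTH_ENDPOINT}?{query}"

def check_token_scopes(tokeninfo_json):
    """Return (has_carddav, extra_scopes) for a tokeninfo-style JSON body."""
    granted = set(json.loads(tokeninfo_json).get("scope", "").split())
    return CARDDAV_SCOPE in granted, sorted(granted - {CARDDAV_SCOPE})

def carddav_propfind(access_token):
    """Prepare (not send) an HTTPS PROPFIND carrying the Bearer token."""
    body = (b'<?xml version="1.0" encoding="utf-8"?>'
            b'<d:propfind xmlns:d="DAV:"><d:prop>'
            b'<d:current-user-principal/></d:prop></d:propfind>')
    req = urllib.request.Request(CARDDAV_DISCOVERY, data=body, method="PROPFIND")
    req.add_header("Authorization", f"Bearer {access_token}")
    req.add_header("Depth", "0")
    req.add_header("Content-Type", "application/xml; charset=utf-8")
    return req

if __name__ == "__main__":
    print(authorization_url("CLIENT_ID_PLACEHOLDER", "https://app.example/cb", "s1"))
    for sample in (SAMPLE_MISSING, SAMPLE_OK):
        ok, extra = check_token_scopes(sample)
        print("carddav granted:", ok, "| other scopes:", extra)
```

A token that reports extra scopes alongside `carddav` works but is broader than the client needs; re-consenting with only the CardDAV scope keeps the grant minimal.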