google-cloud-platformoauth-2.0gmail

Some scopres missing from Google Gmail API oAuth Consent Flow


I have a Google GMAIL API oAuth application configured. When I set this up in the Google Cloud console, I gave it access to all the gmail scopes.

image of selected restricted scopes

However, when I initiate an oAuth consent screen, I only see an option to pick the read only scopes.

image of oauth consent screen image of oauth rights after selecting on consent screen

I've read that you need to verify an application if you want to have access to these scopes in production, but this is an application with a Published Status of "Testing", not production.

How can I get scopes like .../auth/gmail.labels and .../auth/gmail.modify to appear as selection in this oAuth screen in order to allow my application to set labels on messages?


Solution

  • When you request oAuth permission from a gmail application, you send a number of parameters along.

    https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?
        response_type=code&
        client_id=abc123
        &redirect_uri=http%3A%2F%2Flocalhost%3A8082
        prompt=consent&
        scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.modify%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.labels&
        access_type=offline&
        service=lso&
        o2v=2&
        ddm=0&
        flowName=GeneralOAuthFlow
    

    The scope parameter is where you indicate which permissions you want the consent screen to ask users for. This is a space delimited list of scopes from the Google API docs. Users will then need to explicitly check the boxes for the scopes they're giving the application.

    If you're using a client library that generates this URL for you, they may offer you the ability to configure these scopes. Only your library docs know for sure.