Problem
Currently, the Gmail service always requests the gmail.modify scope, which grants read-write access. There's no way to request read-only access to Gmail.
For security-conscious setups where an AI assistant or automation tool needs to read emails but should not be able to send or modify them, this is a significant limitation.
Desired Behavior
Add a --gmail-scope flag similar to --drive-scope:
gog auth add user@gmail.com --services=gmail --gmail-scope=readonly
This would request gmail.readonly scope instead of gmail.modify.
Google's Available Scopes
Google supports these Gmail scopes:
gmail.readonly — Read-only access to messages and settingsgmail.modify — Read/write access (current default)gmail.compose — Send onlygmail.send — Send only
Reference: https://developers.google.com/gmail/api/auth/scopes
Use Case
I'm using gog with an AI assistant that needs to search and read emails but should never be able to send or delete messages. Currently I have to grant full read-write access, which is a security risk.
Thank you for this excellent tool!
Problem
Currently, the Gmail service always requests the
gmail.modifyscope, which grants read-write access. There's no way to request read-only access to Gmail.For security-conscious setups where an AI assistant or automation tool needs to read emails but should not be able to send or modify them, this is a significant limitation.
Desired Behavior
Add a
--gmail-scopeflag similar to--drive-scope:This would request
gmail.readonlyscope instead ofgmail.modify.Google's Available Scopes
Google supports these Gmail scopes:
gmail.readonly— Read-only access to messages and settingsgmail.modify— Read/write access (current default)gmail.compose— Send onlygmail.send— Send onlyReference: https://developers.google.com/gmail/api/auth/scopes
Use Case
I'm using gog with an AI assistant that needs to search and read emails but should never be able to send or delete messages. Currently I have to grant full read-write access, which is a security risk.
Thank you for this excellent tool!