如何让OAuth访问GMail？

Question

如何让用户启动的访问权限来阅读他们的电子邮件？似乎有OpenID,OAuth,OAuth2和随机的其他解决方案.

到目前为止我想出的最好的是OAuth2 scope=https://mail.google.com/.

是否有任何权限只能给我对邮件的只读访问权限,理想情况下不会通过以下权限通知吓唬用户:

"查看和管理您的邮件当我不使用该应用程序时执行这些操作"

所有我想要的,如果可能的话"查看你的邮件".

Answer 1

之前的答案不再准确.最近发布的Gmail API允许使用"只读"范围,可在此处找到:https://developers.google.com/gmail/api/auth/scopes.

"只读"范围是:https://www.googleapis.com/auth/gmail.readonly

https://www.googleapis.com/auth/gmail.readonly
Read all resources and their metadata—no write operations.

https://www.googleapis.com/auth/gmail.compose
Create, read, update, and delete drafts. Send messages and drafts.

https://www.googleapis.com/auth/gmail.send
Send messages only. No read or modify privileges on mailbox.

https://www.googleapis.com/auth/gmail.insert
Insert and import messages only.

https://www.googleapis.com/auth/gmail.labels
Create, read, update, and delete labels only.

https://www.googleapis.com/auth/gmail.modify
All read/write operations except immediate, permanent deletion of threads and messages, bypassing Trash.

https://www.googleapis.com/auth/gmail.metadata
Read resources metadata including labels, history records, and email message headers, but not the message body or attachments.

https://www.googleapis.com/auth/gmail.settings.basic
Manage basic mail settings.

https://www.googleapis.com/auth/gmail.settings.sharing
Manage sensitive mail settings, including forwarding rules and aliases. 

Note: Operations guarded by this scope are restricted to administrative use only. They are only available to G Suite customers using a service account with domain-wide delegation. 

https://mail.google.com/
Full access to the account, including permanent deletion of threads and messages. This scope should only be requested if your application needs to immediately and permanently delete threads and messages, bypassing Trash; all other actions can be performed with less permissive scopes.

Answer 2

GMail API 文档称只有一个范围可以访问所有内容。

还有一个名为GMail Inbox Feed 的功能，这可能是您想要的，但它仅在 Google Apps 域中可用。