Allow to specify scopes (without default) for OAuth2 apps

Question

Allow to specify scopes (without default) for OAuth2 apps

Closed this issue 10 months ago · 3 comments

I want to process emails from specific inbox and label it after the processing is finished. I would like to have ability to specify own scopes when using OAuth2 outlook provider. Current behaviour always applies base "imap" scope which adds SMTP.Send. This should be only required when sending the emails but not for reading/labeling.

Describe the solution you'd like
Allow to specify own scopes (not only "additional scopes"). I'm aware that some functionality is not possible then but that is fine.

Describe alternatives you've considered
I've tried to update using PUT /oauth2/{app} and {"baseScopes": ""} which returns updated true but doesn't actually change the scopes.

Answer 1 · 2023-10-20T13:39:54.000Z

IMAP and offline_access scopes are mandatory, so would this be okay if only the SMTP scope would be made optional? Unless you send emails that scope is not really needed.

Answer 2 · 2023-10-20T13:42:09.000Z

@andris9 Thank you for quick reply.
I agree that it would be okay to have only SMTP scope optional as I don't have use case for sending emails.

Moreover it doesn't technically make sense to include SMTP.Send within the base imap scope 🤔

Answer 3 · 2023-10-24T10:19:22.000Z

This change is included in the next release #378 - when setting up OAuth2 application settings in EmailEngine, there is a new field where you can list all OAuth2 scopes that should not be used.