
I'm trying to implement a GMail OAuth process that can send email via a user's authenticated account, but I also need to be able to retrieve the email address of the user that has successfully authenticated.

The only two scopes I need are: https://www.googleapis.com/auth/gmail.send and https://www.googleapis.com/auth/userinfo.email.

Adding both of the required scopes during initial authentication results in a consent screen where "Send email on your behalf" is unchecked. This is the core functionality and needs to be checked; however, many users would just click the Continue button on the consent screen without checking this box.

I've tried adding both of these scopes to the consent screen setup in the API console, but with the same result as only adding the gmail.send scope.

I think to get the consent screen I'm looking for, I would need to specify the gmail.send scope by itself during initial authentication (so it isn't unchecked), and then add the email scope at some point after the initial authentication completes, since that is the less sensitive scope.

I found a similar question asked here: Is there a way to pre-check or avoid the scopes checkbox in Google's Gmail / Google Calendar OAuth approval flow?

However, the only answer I've found is to use the GoogleSignIn.requestPermissions() method, but I'm using native C# code that I've written, which is derived from the Google OAuth samples for Windows apps: https://github.com/googlesamples/oauth-apps-for-windows. I'm trying to avoid using the Google API client libraries if possible, since I've already gotten most of the functionality working that I needed without it.

How can I add incremental permissions/scopes using native C# .NET code, either during initial authentication or afterwards?

Note: If I authenticate using Postman with the same client Id and secret that I use in my windows app, and specify both scopes that I need, for some reason I don't see the "Google hasn't verified this app" warning, and all of the permissions on the consent screen that is shown are listed but they can't be de-selected. This is the behavior I'm looking for, but I haven't been able to figure out how to replicate this using my windows app. It might be the same situation as described in this question in regard to the Google OAuth Playground: How can I configure Google OAuth consent screen to not show checkboxes?

  • OAUTH and Windows authentication are different. OAUTH is not meant to pass Windows authentication. You need to read the following: https://learn.microsoft.com/en-us/aspnet/mvc/overview/older-versions-1/security/authenticating-users-with-windows-authentication-cs – jdweng Jul 08 '22 at 21:17
  • As far as I know there is no way to force the checkboxes. Did you add these scopes on the oauth2 consent screen? – Linda Lawton - DaImTo Jul 09 '22 at 16:06
  • @DalmTo: Yes, I did add both of these scopes to the consent screen setup in the API console, but it made no difference as only adding the gmail.send scope. The only way I've found that the Send Email permission is pre-selected from my app on the consent screen is if I only send that scope by itself with the initial authorization request. – J Ingersoll Jul 10 '22 at 21:16
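
Added example (not part of the original question or its comments, and not taken from the linked Google samples): because the consent screen lets a user continue with "Send email on your behalf" unchecked, an app can compare the space-delimited `scope` field of the token response against the scopes it needs before relying on them. The sketch assumes .NET 6 or later; the class and method names, client id, loopback redirect URI and sample token response are constructed placeholders.

```csharp
// Added example. Class/method names, client id, redirect URI and the sample
// token response are constructed placeholders, not values from the question.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class ScopeCheck
{
    const string AuthEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
    public const string GmailSend = "https://www.googleapis.com/auth/gmail.send";
    public const string UserEmail = "https://www.googleapis.com/auth/userinfo.email";
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds a PKCE authorization request for exactly the scopes passed in.
    // The caller keeps Verifier for the token exchange and compares State on the redirect.
    public static (string Url, string Verifier, string State) BuildAuthRequest(
        string clientId, string redirectUri, params string[] scopes)
    {
        string verifier = B64Url(RandomNumberGenerator.GetBytes(32));
        string state = B64Url(RandomNumberGenerator.GetBytes(16));
        string challenge = B64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));
        string url = AuthEndpoint + "?response_type=code"
            + "&client_id=" + Uri.EscapeDataString(clientId)
            + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
            + "&scope=" + Uri.EscapeDataString(string.Join(" ", scopes))
            + "&state=" + state
            + "&code_challenge=" + challenge + "&code_challenge_method=S256";
        return (url, verifier, state);
    }

    // Returns the required scopes that are absent from the token response's "scope" field.
    public static List<string> MissingScopes(string tokenJson, params string[] required)
    {
        using JsonDocument doc = JsonDocument.Parse(tokenJson);
        string granted = doc.RootElement.TryGetProperty("scope", out JsonElement s) ? s.GetString() ?? "" : "";
        var set = new HashSet<string>(granted.Split(' ', StringSplitOptions.RemoveEmptyEntries));
        return required.Where(r => !set.Contains(r)).ToList();
    }

    static void Main()
    {
        var req = BuildAuthRequest("CLIENT_ID_PLACEHOLDER", "http://127.0.0.1:51234/", GmailSend, UserEmail);
        Console.WriteLine(req.Url);
        // Constructed token response: the user left "Send email on your behalf" unchecked.
        string json = "{\"access_token\":\"placeholder\",\"scope\":\"openid " + UserEmail + "\"}";
        foreach (string m in MissingScopes(json, GmailSend, UserEmail))
            Console.WriteLine("Not granted: " + m);
    }
}
```

When `MissingScopes` returns `gmail.send`, the app can explain why sending is unavailable and start a new authorization request for that scope alone by passing only `GmailSend` to `BuildAuthRequest`.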

0 Answers