Tags: oauth, oauth-2.0, google-oauth

How can I configure the google OAuth2 consent screen?


When configuring the OAuth2 consent screen in the developer console, the preview Google shows includes "google plus circles" and other details I'm not interested in (only the email address is required).

Is the actual consent screen the user sees configured on the backend side or is this within the scope that the client application requests with the accessToken?

How can the user consent be restricted to the bare minimum: just the email address?


Solution

  • As far as determining consent, the Google OAuth2 Consent Screen is only configured via the scopes. Of course you can set your client's logo, etc. in the backend but consent is determined by scopes sent in the authorization request. You can request just the "email" scope

    e.g.

    https://accounts.google.com/o/oauth2/v2/auth?scope=email&client_id=919088372921-uvdkhotpcvoviqasigkf7k4aaeq5uh8p.apps.googleusercontent.com&response_type=code&redirect_uri=http://localhost:9000

    (enter this into a browser to see what I mean)

    However, you cannot get rid of the "Know who you are on Google" consent item, even if you only request the email scope. See https://stackoverflow.com/a/24424716/1098564 for the reason.
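Since the answer's point is that the scopes in the authorization request alone decide what the consent screen asks for, here is an added example (not code from the original post) that builds such a request with only the `email` scope and audits an existing URL for scopes beyond an allow-list. The `state` parameter, the helper names and the sample client id / redirect URI below are assumptions I added, not values from the answer.

```python
"""Build and audit a Google OAuth2 authorization URL with minimal scopes.

Added example, not from the original post. The `state` parameter, the
helper names and the sample client id / redirect URI are constructed.
"""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Endpoint taken from the answer above.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def build_auth_url(client_id, redirect_uri, scopes=("email",), state=None):
    """Return the authorization URL.

    Only the scopes listed here determine what the consent screen asks the
    user to grant, so keep `scopes` to the minimum the app actually needs.
    """
    # Anti-CSRF value (assumption: the app stores it and checks it on return).
    state = state or secrets.token_urlsafe(16)
    params = {
        "scope": " ".join(scopes),   # space-separated list per OAuth2
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def requested_scopes(url):
    """Audit helper: the set of scopes an authorization URL asks for."""
    query = parse_qs(urlparse(url).query)
    return set(query.get("scope", [""])[0].split())


def excess_scopes(url, allowed=frozenset({"email"})):
    """Scopes in `url` that exceed the allow-list; an empty set means OK."""
    return requested_scopes(url) - set(allowed)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url = build_auth_url("CLIENT_ID_PLACEHOLDER", "http://localhost:9000")
    print(url)
    print("excess scopes:", excess_scopes(url) or "none")
```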