I am setting up an automated Gmail account that will be capable of receiving, parsing, and sending emails as well as having some access to users' Google calendars. Using Google's quickstart guide for authorization I was able to get all the necessary functionality working. The problem is that it requires visiting a URL to give permissions to the program. It is not an issue when developing locally, but this will be deployed on a Debian droplet with no GUI or browser. I am guessing this could be handled by Selenium or Puppeteer, but there has to be a better way.
I have looked into Google's server-side authorization but that seems to involve visiting a URL as well. I have also come across service accounts, but there seems to be some concern over which APIs they can access and I'm not sure if it's the way to go for me.
Here are the scopes I am using:
https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/gmail.readonly
https://mail.google.com/
Will a service account work for me? If not, what route should I be taking?
In order to access private user data behind a gmail account. Your application needs the permission of the owner of that account. or rather their consent to access the data. This is why the user is shown the consent screen.
What you can do is verify your application once and then store the refresh token and use that up on your server. You should also know that apps that are in the testing the refresh tokens expire after seven days. So you will either need authorize it once a week or set it in production and possibly apply for varication.
You should know that using Gmail API, with Oauth2. To have your application verified is going to cost you between 15k and 75k each year for the security audit.
In order to use service accounts with the Gmail api you need to have a google workspace account and you need to set up domain wide delegation to the service account.
Have you considered going though the SMTP server?