
Gmail Oauth2 - restrict the scope to only emails from a certain domain


I have a Django site that uses Google Oauth2 to allow users to grant access to read and reply to their emails.

GOOGLE_OAUTH2_CREDENTIALS = {
    'client_id': '********************',
    'client_secret': '*******',
    'scope': [
        'https://www.googleapis.com/auth/gmail.readonly',
        'https://www.googleapis.com/auth/gmail.send'
    ],
    'redirect_uri': 'https://www.********.com/*****/',
}

However, for privacy and security purposes I want to restrict the scope to only being able to read and reply to emails from a specific domain.

Is it possible to modify the scope to only allow the permissions for emails to/from a certain domain?


Solution

  • No.

    Here's the list of scopes available for the Gmail API.

    As of the time of writing this answer, none of them let you define this kind of access restriction. In fact, none of them support anything that can even resemble row- or object-level security. You either have the ability to perform the action described in the scope, or you don't - and if you have it, then you have it universally.
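Since the scope cannot express the restriction, the only place it can live is in the application that holds the token. Below is an added example (not code from the question or the answer) of the application-side check such a Django site would run on each message before reading or replying to it; the allowlist, the sample messages and the header layout it assumes (the Gmail API's `users.messages.get` metadata shape) are constructed for the example.

```python
"""Application-side domain restriction for a Gmail OAuth integration.

Gmail scopes grant mailbox-wide access, so a per-domain limit has to be
enforced by the app itself: narrow what it fetches (e.g. with a from:/to:
search query) and then re-check every message's headers before reading
or replying. Message dicts mirror the users.messages.get 'metadata'
format; ALLOWED_DOMAINS and the sample messages are constructed.
"""
from email.utils import getaddresses

ALLOWED_DOMAINS = {"example.com"}  # assumed allowlist for the site


def header(message, name):
    """Return a header value from message['payload']['headers'] ('' if absent)."""
    for h in message.get("payload", {}).get("headers", []):
        if h.get("name", "").lower() == name.lower():
            return h.get("value", "")
    return ""


def address_domains(header_value):
    """Lowercased domains of every address in a header. Parsing with
    getaddresses (not substring matching) means a display name such as
    '"x@example.com" <mallory@other.example>' yields other.example."""
    domains = set()
    for _display, addr in getaddresses([header_value]):
        local, sep, domain = addr.rpartition("@")
        domains.add(domain.lower() if sep and local else "")  # '' = malformed
    return domains


def is_in_scope(message, allowed=ALLOWED_DOMAINS):
    """Fail closed: sender and all recipients must be in an allowed domain;
    a missing From, a malformed address or an outside Cc rejects the message."""
    sender = address_domains(header(message, "From"))
    if not sender or not sender <= allowed:
        return False
    for field in ("To", "Cc"):
        value = header(message, field)
        if value and not address_domains(value) <= allowed:
            return False
    return True


def reply_allowed(to_value, allowed=ALLOWED_DOMAINS):
    """Gate the reply target before calling users.messages.send."""
    domains = address_domains(to_value)
    return bool(domains) and domains <= allowed
```

The token still grants the full scope the answer describes, so this check limits what the site does with that access rather than what the access allows; keep it in the one code path that touches Gmail so it cannot be bypassed.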