Requested OAuth Scopes

Updated on

When installing EmailShot, the authorization request dialog from Google Workspace does not do a good job explaining why those permissions are needed, resulting in some users bailing out of the installation process. Fair. Let us clarify why those are needed so that you can convince yourself on why it is 100% safe to install EmailShot.

image

In the world of Google Workspace Add-Ons, OAuth scopes play a crucial role in defining the permissions granted to an application. When you install a Google Workspace Add-On, you encounter a list of OAuth scopes that the add-on requests. Let's break down the OAuth scopes for a typical Google Workspace Add-On and understand why each one is requested.

  1. User Email Access:
    • This scope (https://www.googleapis.com/auth/userinfo.email) allows the add-on to access the user's email address. It's a fundamental scope that provides basic user information. We use this information to identify your EmailShots (although the real user address is never stored outside of Google Cloud's infrastracture) and to send you, for example, the welcome email.
  2. Read-Only Access to Current Email Message:
    • With this scope (https://www.googleapis.com/auth/gmail.addons.current.message.readonly), the add-on gains read-only access to the current email message. This is essential for saving the email to Google Cloud Storage so that the EmailShot can be later shared. It is important to note that no data is saved until you create the EmailShot, meaning that we are not saving every email that you open but only those that you explicitly decide to share.
  3. Execute Actions within Gmail:
    • This scope (https://www.googleapis.com/auth/gmail.addons.execute) grants the add-on permission to execute various actions within Gmail. It's necessary for the add-on to perform tasks based on user interactions, enhancing the overall functionality, like providing the User Interface.
  4. Determine User Locale:
    • The https://www.googleapis.com/auth/script.locale scope allows the add-on to determine the user's locale. This helps in providing a more personalized experience by adapting to the user's language preferences.
  5. Make External HTTP Requests:
    • The https://www.googleapis.com/auth/script.external_request scope enables the add-on to make external HTTP requests, facilitating communication with external services or fetching additional data to enhance its capabilities. This enables the add-on to save the email content to Google Cloud Storage and to store email metadata in the EmailShot database by calling our backend API.
  6. Generate Workspace Link Previews:
    • This scope (https://www.googleapis.com/auth/workspace.linkpreview) is specific to Google Workspace and provides the add-on with the ability to generate link previews. Link previews enhance the user experience by providing a glimpse of the content behind a link, ensuring that users can make informed decisions before clicking. You can read more about our Smart Chips feature.

In summary, the requested OAuth scopes for EmailShot are carefully selected to balance functionality and user privacy. Understanding these scopes provides transparency into the permissions you grant when installing an add-on. As always, it's crucial to review and trust the permissions requested by any application to ensure the security of your data and we hope to have clarified any concerns that you might have had when deciding to install EmailShot.