IssueTracker

I would like to suggest that the Gmail API allow for more refined scopes. For example, in my case I am making a program that uses the 'https://www.googleapis.com/auth/gmail.metadata' and 'https://www.googleapis.com/auth/gmail.send' scopes. However, my program only interacts with emails from a certain domain. Therefore, I have no need (and I don't want) to have access to read the metadata of emails from any domain and to send emails to every domain; however, as that is the only option, I am forced to use it. It is both less secure and private for users, and also more of a liability for me. Plus, users would presumably be more hesitant to hand over access to their entire email, as opposed to only emails from a certain domain. Additionally, I would assume that this would make the review process easier for Google, and could maybe even allow scopes limited to certain domains to sensitive as opposed to restriction.

If this could be extended to all scopes (such as having the ability to specify that the 'https://www.googleapis.com/auth/gmail.settings.sharing' scope is only being requested to forward emails from a certain domain, etc) that would be even better - but I assume it would be easier (and more realistic) for scopes dealing with emails themselves.

Therefore, my suggestion is that developers be allowed to specify more refined 'subscopes', meaning request a larger scope, but in a more limited fashion. This would not need new scopes to be added, rather the developer could specify how they want to limit the scope - and this would also be reflected on the Oauth consent message that users see.