How to set Gmail OAuth for ONLY READ?

Hey guys,

For some reason, the authentication isn’t successful (but only restricted) unless I give it full consent, including sending emails and stuff.
How do I limit it only to read, labels, body, and stuff of READ-ONLY?

Thanks..

Hello @sondre

n8n’s default Gmail credential includes full access scopes. To limit access:

Use a Service Account (with domain-wide delegation) for secure, read-only email access.

Or configure a custom OAuth2 credential and list only the specific read-only scopes.

Thanks,
this is what I did, as you can see here:

But as soon as I press the “sign in”, and select the user, it only works if I grant full permission. Otherwise it says forbidden 403 error.

You need to create a custom OAuth2 credential for your problem.

2 Likes

As @cutecatcode said, even though your Google Cloud project is correctly limited to read-only scopes, the built-in Gmail credential in n8n automatically injects additional scopes like gmail.modify and gmail.compose. If you don’t accept them, Google throws a 403 error.

  1. Go to Credentials → New → OAuth2 API
  2. Fill in:
     • Auth URL: https://accounts.google.com/o/oauth2/v2/auth
     • Access Token URL: https://oauth2.googleapis.com/token
     • Client ID / Secret: from your Google Cloud project
     • Scope: readonly
     • Set access_type=offline and prompt=consent in OAuth options.

This way, you’re fully controlling what’s requested, no hidden Gmail scopes added by n8n.

3 Likes
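An added example, not part of the thread or of n8n's code: a Node.js check that a custom credential's consent URL requests only the Gmail read-only scope, and that the token response grants nothing more. The full scope URIs are Google's published Gmail scopes; the client ID, redirect URI, state value and all function names are constructed for illustration.

```javascript
// Added example. Endpoint is from the post; IDs and URIs below are constructed.
const AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
const GMAIL_READONLY = "https://www.googleapis.com/auth/gmail.readonly";
const ALLOWED_SCOPES = new Set([GMAIL_READONLY]);

// Build the consent URL with exactly one scope plus the two options from the post.
function buildAuthUrl(clientId, redirectUri, state) {
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    scope: GMAIL_READONLY,
    access_type: "offline",
    prompt: "consent",
    state,
  });
  return `${AUTH_URL}?${params.toString()}`;
}

// Split a space-delimited OAuth scope string into a list.
function parseScopes(scopeString) {
  return (scopeString || "").split(/\s+/).filter(Boolean);
}

// Scopes an authorization URL asks for that are outside the allow-list.
function extraRequestedScopes(authUrl) {
  const requested = parseScopes(new URL(authUrl).searchParams.get("scope"));
  return requested.filter((s) => !ALLOWED_SCOPES.has(s));
}

// Check the "scope" field of a token response: read-only granted, nothing else.
function auditGrant(tokenResponse) {
  const granted = parseScopes(tokenResponse.scope);
  const extra = granted.filter((s) => !ALLOWED_SCOPES.has(s));
  return { granted, extra, readOnlyOnly: granted.includes(GMAIL_READONLY) && extra.length === 0 };
}

// Constructed URL shaped like the over-broad request described in the thread.
const OVERBROAD_URL = AUTH_URL + "?" + new URLSearchParams({
  scope: [GMAIL_READONLY,
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.compose"].join(" "),
}).toString();

const mine = buildAuthUrl("constructed-id.apps.googleusercontent.com",
  "https://n8n.example.invalid/callback", "constructed-state");
console.log(extraRequestedScopes(mine));
console.log(extraRequestedScopes(OVERBROAD_URL));
console.log(auditGrant({ scope: GMAIL_READONLY }).readOnlyOnly);
```

Running `extraRequestedScopes` on the URL shown in the browser's address bar at the Google consent screen shows which scopes a credential is really requesting before anything is granted.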

Thank you very much for your answer.
If I understand correctly, I’d need to create some HTTP Request for each operation:
read messages, labels, modify labels, create a label, right?
It makes me create these commands that are already fulfilled within the GMAIL API.
If so, I don’t get why the Gmail API integration in n8n can’t just allow me to set readonly permissions, and force me to implement each request separately.

1 Like

The nodes created by the vendors have been set up to have quick actions without the use of code, but they are limited and have well-defined boundaries.
They are used for quick actions and to expand the use of n8n even to less technical people.

That’s why there are HTTP nodes that give you the freedom to do whatever you want.

1 Like
