Java Mail Oauth for gmail: require full mail scope for sending emails only

[javaone199]

JavaMail oauth requires full mail scope for sending email via gmail.

Used scope "https://www.googleapis.com/auth/gmail.send" for authorization. and then got refresh and access token.

Java mail:

transport.connect(host, port, username, access_token);

Got error:

Caused by: jakarta.mail.AuthenticationFailedException: OAUTH2 asked for more at com.sun.mail.smtp.SMTPTransport$OAuth2Authenticator.doAuth(SMTPTransport.java:1121) at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:924)

After changing scope to "https://mail.google.com/" for authorization, it works. But this scope will authorize

send, read, delete all emails.

This scope is too much, no difference from password authentication.