Scope for OAuth2 not as narrow as documented

[FlxVctr]

The README says, OAuth2 should only give permissions to send. However it goes beyond that, actually gives full control over account.

I guess the scope has to be changed to https://www.googleapis.com/auth/gmail.send here

[kootenpv]

The problem is that in fact I've tried limiting the scope many times, but it then doesn't work. It's a bug in gmail I'm sure by now (less open permissions simply don't work).

FWIW: my recommendation is to use an app-specific password instead of OAuth2

[FlxVctr]

K, thx for the quick reply!

[FlxVctr]

Maybe still update the README, though :)