Business Case and Scope Definitions for Alyce's Google Email & Calendar Integration
From the Alyce help doc entitled How to Update Inbox and Calendar Integration Team Settings, here is a broad description of the business case for the Google Mail/Calendar integration:
To send digital gift invitations through your Team Member's work email and to book meetings directly to their calendar, Alyce gives your Team Members the ability to connect their inbox and calendar. It is strongly encouraged that your teams connect their inbox and calendar. Once connected to Alyce, digital gift invitations sent through their email will see better deliverability and better overall view rates.
From our Google Email & Calendar Integration FAQs, here are the OAuth scopes required:
Google SignIn - openid, email, profile
In order to send email invitations from the user, this permission is necessary. As mentioned previously, "digital gift invitations sent through their email will see better deliverability and better overall view rates."
Here is the scope definition from Google's GMail API documentation:
https://www.googleapis.com/auth/gmail.send - Send email on your behalf
A key feature here is the ability to create events (meetings) on user calendars as part of the integrated gifting/sales/meeting process. According to Google's API documentation, the "calendar" scope is necessary for event creation. From the section entitled Create events:
In order to successfully create events, you need to:
Set your OAuth scope to https://www.googleapis.com/auth/calendar so that you have edit access to the user's calendar.
Here is the scope definition from Google's Calendar API documentation:
https://www.googleapis.com/auth/calendar - See, edit, share, and permanently delete all the calendars you can access using Google Calendar
Here are the scope definitions from Google's Google Sign-In documentation:
email - See your primary Google Account email address
openid - Associate you with your personal info on Google
profile - See your personal info, including any personal info you've made publicly available
Note that Google's documentation refers to these three non-sensitive items in conjunction as the 'default scope' for authorization. Here is the direct quote:
For the authentication, default scope (email, profile, openid) is sufficient, you don't need to add any sensitive scopes.
Please let [email protected] know if you have additional questions - thank you!