Assistance Required for OAuth Scopes with Supabase Authentication

[Ezles]

Hi,

I am currently working on an application that uses Supabase to manage Google OAuth authentication, and I am facing an issue related to the permissions (scopes) required to send emails via the Gmail API. Here is a summary of my issue and related questions:

1. Problem Context:

   • I have set up Google OAuth authentication using Supabase and successfully obtain an access token.
   • However, the generated token does not include the required scope to use https://www.googleapis.com/auth/gmail.send, leading to an error when attempting to send emails via the Gmail API.
   • Despite explicitly adding this scope in the options (see code below), the obtained token does not have the required permissions.

2. Questions:

   • Is it possible with Supabase to specify additional scopes (e.g., https://www.googleapis.com/auth/gmail.send) when configuring an OAuth provider?
   • If yes, could you provide an example or detailed instructions to set this up?
   • If this is not directly possible with Supabase, is there any recommended alternative approach to handle this use case while staying compatible with Supabase?

3. Current Code:
   Below is a snippet of my current implementation for requesting authentication:

export async function requestGmailLogin() {
  try {
    const response = await fetch(
      "http://localhost:8080/api/auth/google-login",
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
        },
        body: JSON.stringify({
          provider: "google",
          options: {
            redirectTo: "http://localhost:3000/auth/callback/google",
            queryParams: {
              access_type: "offline",
              prompt: "consent",
              scope: "email profile https://www.googleapis.com/auth/gmail.send",
            },
          },
        }),
      }
    );

    if (!response.ok) {
      throw new Error("Failed to login with Google.");
    }
    return await response.json();
  } catch (error) {
    console.error("Error during Google login:", error);
    throw error;
  }
}

And for sending emails:

const sendEmail = async (
  recipientEmail: string,
  subject: string,
  message: string
) => {
  if (!userToken || !userId) {
    console.error("User token or user ID is not available");
    return;
  }

  const rawEmail = `
From: [email protected]
To: ${recipientEmail}
Subject: ${subject}

${message}
  `;

  const encodedEmail = btoa(rawEmail)
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");

  try {
    const response = await fetch(
      `https://www.googleapis.com/gmail/v1/users/${userId}/messages/send`,
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization: `Bearer ${userToken}`,
        },
        body: JSON.stringify({ raw: encodedEmail }),
      }
    );

    if (!response.ok) {
      const errorData = await response.json();
      console.error("Error sending email:", errorData);
      throw new Error("Failed to send email.");
    }

    console.log("Email sent successfully!");
  } catch (error) {
    console.error("Error during email sending:", error);
  }
};

4. Error Encountered:
   Here is the error I receive when attempting to send an email using the Gmail API:

Request had invalid authentication credentials. Expected OAuth 2 access token with proper scopes.

I would greatly appreciate it if you could provide clarification on these points. Any documentation or guidance would also be very helpful.

Thank you in advance for your support!

Best regards,
Ezles