Google Calendar OAuth Scope Request

Hi -

Currently the Google Calendar OAuth API asks for the following permission from the users: “See, edit, share, and permanently delete all the calendars you can access using Google Calendar”

This “reads” very intrusive and might raise concerns with some privacy focused users - especially “permanently delete all the calendars” part. Is there a need to get the maximum scope permission for users calendar management?

Is it possible for Jitsi to manage with just “read and update” scope for Calendar? If yes, can I make the change in the code directly without npm and install? Thank you!

Hi there!

Currently we are using the scope. Looking at I think we might be able to work with and

What we need is basically to list events and modify them. It’s possible it works with those 2 alone. The change needs to happen here: but you’ll need to rebuilt Jitsi Meet in order to test it out.

@damencho (when you’re back, no rush) Do you remember why we chose the broadest scope and do you think my reasoning above makes sense?

1 Like

Hi @saghul

Thank you for the pointers.

It worked with just this scope request I’m able to view and edit calendar.

Your link the file above is looking for constants defined here

Thanks for giving it a shot! Can you send a PR so we can discuss making the change?

Sure thing @saghul. I don’t know how to create the PR but I will look into it and send one soon.

1 Like

Please note that the following scopes are required for Google calendar to work with Jitsi as @saghul pointed out above. Just alone is not enough. AND

Shrinking the scopes used seems fine. We will just have problem after updating, as it will start showing unverified app window for new users that give access to the calendar, till we not change it and send a video to Google how to test it and what does it looks like.

Thanks for chiming in @damencho!