Skip to content

Fix Gmail OAuth callback scope handling#16

Merged
muneeb-anjum0 merged 1 commit into
mainfrom
codex/fix-oauth-scope-callback
Jun 22, 2026
Merged

Fix Gmail OAuth callback scope handling#16
muneeb-anjum0 merged 1 commit into
mainfrom
codex/fix-oauth-scope-callback

Conversation

@muneeb-anjum0

Copy link
Copy Markdown
Owner

Root cause

Google returned legacy granted scopes including gmail.send. OAuthlib raised after exchanging the one-time code, and the callback retried the already-consumed code, causing authentication to fail.

Fix

  • stop including legacy granted scopes in new authorization requests
  • accept Google's scope normalization
  • exchange each authorization code exactly once
  • keep new Gmail access read-only

Stop carrying legacy Gmail permissions into new authorization requests and exchange each one-time OAuth code exactly once.
@vercel

vercel Bot commented Jun 22, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
timetable-wizard Ready Ready Preview, Comment Jun 22, 2026 2:50pm

@muneeb-anjum0
muneeb-anjum0 merged commit 441dd98 into main Jun 22, 2026
3 checks passed
@muneeb-anjum0
muneeb-anjum0 deleted the codex/fix-oauth-scope-callback branch June 22, 2026 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant