Which Google scopes does Cronofy utilize?
Read as MarkdownCronofy utilizes Google’s OAuth 2.0 to access Google Workspace data about Users, Organizations, Resources and their Calendar data.
When a user is authenticating themselves via Individual Connect, Cronofy requests access to their profile and their calendar.
When using Enterprise Connect to connect your organization, Cronofy requests access to list users & resources, organization information, and calendars.
We are also able to connect with less permissive scopes which give Cronofy access to only the Free/Busy information of a user’s calendar.
Individual Connect #
Cronofy requests the following scopes from individuals when connecting via the Cronofy Google Calendar application for Individual Connect.
- Scopes
- profile
- auth/calendar
- auth/drive.file - Required to attach files to calendar events. See Attachments for more details.
Enterprise Connect #
Cronofy requests the following scopes when connecting via the Cronofy Google Workspace Application for Enterprise Connect.
- User Specific Scopes
- profile
- Workspace and Directory Specific Scopes
- auth/admin.directory.user.readonly
- auth/admin.directory.domain.readonly
- Calendar and Resources (Granted via the Marketplace install)
- auth/calendar
- auth/admin.directory.resource.calendar
Individual Connect (Free/Busy) #
Cronofy requests the following scopes when connecting via Individual Connect Free/Busy.
Enterprise Connect (Free/Busy) #
Cronofy requests the following scopes when connecting via Enterprise Connect Free/Busy.
- User Specific Scopes
- profile
- auth/calendar.calendarlist.readonly
- auth/calendar.events.freebusy
- Directory Specific Scopes
- auth/admin.directory.user.readonly
- auth/admin.directory.domain.readonly
- auth/admin.directory.resource.calendar.readonly
Scopes
email #
Cronofy uses the email scope to identify the user who is authenticating. This allows Cronofy to associate the calendar connection with the correct user account.
profile #
Cronofy uses the profile scope to access basic profile information, such as the user’s name, which is needed to allow Cronofy to act on behalf of the user.
auth/calendar #
Cronofy requires the calendar scope to create, read, update, and delete events in user and room calendars when connecting via Individual Connect or Enterprise Connect Read-Write.
auth/drive.file #
Cronofy requires the drive.file scope to attach files to calendar events. This scope only allows access to files that Cronofy itself uploads — Cronofy cannot read any other files in a user’s Drive.
auth/calendar.calendarlist.readonly #
Cronofy requires calendar.calendarlist.readonly to retrieve the list of calendars in a user’s account. This allows Cronofy to identify which calendars to check for Free/Busy availability.
auth/calendar.events.freebusy #
Cronofy requires calendar.events.freebusy to access the Free/Busy schedule for a given user. This scope only provides visibility into whether a time slot is free or busy — event details such as titles and attendees are not accessible.
auth/admin.directory.user.readonly #
Cronofy requires admin.directory.user.readonly to list users and resources (such as meeting rooms) within your Google Workspace organization. This allows Cronofy to add user accounts and resources for synchronization.
auth/admin.directory.domain.readonly #
Cronofy requires admin.directory.domain.readonly to retrieve the primary domain for your Google Workspace organization. This is used during the verification of the service account connection.
auth/admin.directory.resource.calendar #
Cronofy requires admin.directory.resource.calendar to view and manage conference rooms and other calendar resources within your organization when connecting via Enterprise Connect Read-Write.
auth/admin.directory.resource.calendar.readonly #
Cronofy requires admin.directory.resource.calendar.readonly to view conference rooms and other calendar resources within your organization when connecting via Enterprise Connect Free/Busy. This read-only scope ensures Cronofy cannot make changes to resource configurations.
What are my options for restricting access? #
Connecting with Read-Write permissions provides the most seamless experience — Cronofy is able to create events directly in the calendar and make use of integrated Google Meet conferencing, if available.
When privacy is a concern, the Free/Busy Calendar Access Mode is available (see our docs on Enterprise Connect Free/Busy), whereby only the Free/Busy information from a user’s schedule is granted to Cronofy.
When connecting via Free/Busy, only the status, start, and end times of each event are accessible to Cronofy — event titles, attendees, and other details are not shared.
You may also limit which users’ data Cronofy is able to access by configuring Organizational Units. See the Restricting Service Account Access guide for more details.
Further reading #
Further information about the above listed scopes can be found at Google OAuth 2.0 Scopes.