SUMMARY When I connect my google account to this google drive sync tool, it also asks for access to my youtube, contacts, calendar, hangouts, photos etc. This isn't really neccessary, and also makes me as a user feel wary - why does it ask for all that access? Surely it only ever needs read and write access to google drive. Please change the sync to only ask for permissions to access google drive.
You can remove the permissions you don't need from Plasma's Online Accounts KCM.
I've looked at that, and no, I can't. It has a checkbox for youtube, and one for google drive, but unchecking those does nothing. Still, even if it had worked, it wouldn't have been enough. because a) it still asks for calendar, contacts etc access without it being neccessary b) a big problem is that it asks for all access when you set up the connection, and then you can later constrain it. this doesnt remove the access on the google-account side of things
I'm thinking there needs to be one of these https://cgit.kde.org/kaccounts-providers.git/tree/providers/google.provider.in but with only the gdrive scope claims, then this tool could use that provider instead.
Ah sorry, then we need to fix the KCM. I don't think we should ship another provider file, it's not going to scale.