Using the Gmail API. It uses OAuth to authenticate. Google Cloud lets you create a custom OAuth login box for your “app”. You download a JSON file and the Python client code reads that and sends the user to a web browser to go through the OAuth flow. Then some kind of bearer token is stored in a dot file and your code has access to your Gmail…

Releasing a public app that has Gmail access requires a very expensive security audit by Google. But for a private internal app, of course you don’t need the audit.