What is the difference between setting social permissions in Auth0 vs the Google OAuth consent Screen? Do I need to set both? Auth0’s permissions seem to be less granular.
For example, I want to get permissions for …/auth/calendar.events in google but my only option in auth0 is Calendar which is a broader scope.
From the screenshot you provided the scope settings on the Google side seem to be about which scopes Google itself will allow for the application to access. Within Auth0 it’s about the ones that will be requested when starting a login through Google so setting them in Auth0 only means they are included in the request, but that by itself does not imply they will be given.
In relation to the situation where the available options in the connection settings are not granular enough or don’t include a relatively recent scope you can always consider the possibility listed at (Add Scopes/Permissions to Call Identity Provider APIs) which would give you more fine-grained control.