I disagree with your response. You should not need https://www.googleapis.com/auth/gmail.compose . Providing this level of access is still a security risk as Post SMTP would have the ability to read draft emails and delete draft emails that are unrelated to Post SMTP.
I have configured Post SMTP using https://www.googleapis.com/auth/gmail.send and it works perfectly.
When providing traditional SMTP configuration via an SMTP server Post SMTP would only have the ability to send – which is exactly the same access as the API scope I recommended. By providing a traditional SMTP server configuration, Post SMTP could not read the draft folder or delete it’s contents, this would require POP3 or IMAP access.
I implore you to test and implement https://www.googleapis.com/auth/gmail.send
