https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/
This is an extremely clever phishing attack because it uses a legitimate Google login page and oauth prompt to gain access to the Gmail accounts of unsuspecting users. And most users likely click allow without thinking twice - when you think about it, it certainly is suspicious for a Google service to request permission to itself, but considering how often I use my Google account to login to various websites and apps, I doubt I would have thought twice if I was presented with this, and I consider myself somewhat aware of these scams.
Since this gives the attacker access to your Gmail account, not only can they start spamming all your contacts, but they can also read your existing emails. I have not yet gotten one of these, but my university's IT department has sent out warning messages because apparently at least one person has, and they clicked on it.