Filtering token reports by IMAP usage

[Ian Hyzy]

My company is trying to restrict the number of people using IMAP apps. Google lets you allowlist up to 20 OAuth IDs that are allowed to use IMAP. The app needs to request the root mail scope - https://mail.google.com/ - to use IMAP - it's not a separate scope. 

We have more than 20 apps that request the root mail scope, and I'm trying to find out if there's anything I'm missing where I can see which OAuth IDs are using IMAP. I pulled a token report and filtered it down to apps that use the root scope, but that doesn't help differentiate between apps using the regular GMail API vs IMAP. Any ideas? 

[Ian Hyzy]

* trying to reduce the number of IMAP apps (and only allow "official" clients like Microsoft/Apple), not number of people using the apps