Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Google Drive OAuth 2 flow giving invalid_scope error

Tags:

google-drive-api

My Google Drive app requests the following scopes when exchanging a code for an access token:

https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/drive.install

In particular, this is the query string of the URL that is eventually being requested from Google during the exchange:

code=XXXXXXXXXX&grant_type=authorization_code&redirect_uri=XXXXXXXXXXX& scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file+ https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email +https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile +https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.install &client_id=XXXXXX.apps.googleusercontent.com&client_secret=XXXXXX

The response is a 400 error, with the error message "invalid_scope". What am I doing wrong?

[Edit] Additional information:

The error only happens when the user clicks through from Google Drive to create a new document. If I initiate the authentication/authorization flow from my own app, the list of scopes is accepted just fine. If the user clicks through the actual Drive app to create a new document, I get invalid_scopes.

The invalid scope is drive.install. If I remove that from the list of requested scopes when the user shows up to create a new document, things start working again. Does that make any sense at all? If the user has the Drive app installed already via us requesting that scope, why would requesting that same scope when the user shows up from the Drive app cause a problem of any kind?

like image 341
Ben Dilts Avatar asked May 19 '13 09:05

Ben Dilts

1 Answers

I experienced a similar problem. The solution was to pass an array of scopes to the google client:

google_client.authorization.scope=[
'https://www.googleapis.com/auth/calendar.readonly',
'https://www.googleapis.com/auth/drive.appdata']

rather than a concatenated string of scopes 

google_client.authorization.scope="https://www.googleapis.com/auth/calendar.readonly%2Bhttps://www.googleapis.com/auth/drive.appdata"

The GET request in the Rails log looked identical, but the result was very different!

like image 176
kpg Avatar answered Sep 28 '22 00:09

kpg
Sign in to Comment

Related questions

How can an IOS app access Google Drive files
GoogleAccountCredential reuse auth - Google Drive
Copy file into a specific parent folder with Google Drive API?
Why are there two different URL formats for Google spreadsheet documents?
Google spreadsheet cell reference from value of another cell
google drive API allows duplicates?
Google Drive Query issue with single quote and back slash
From colab directly manipulate sqlite3 format data in Google drive
pydrive get only folders from list
How can I search custom file properties using the Google Drive API?
Dart / flutter: download or read the contents of a Google Drive file
How to access the "Shared with me" root list with Google Drive SDK?
Publish a Google Drive Website with custom Domain [closed]
How to let anonymous users edit a Google Drive Realtime document?
Google Drive Realtime API OAuth2 Refresh Errors
Migrating from DocsList to DriveApp?
GoogleWebAuthorizationBroker in MVC For Google Drive Access
Android Google Drive SDK - how to show list of files in selected folder
Unable to open Google xlsx spreadsheet / Also Google Drive permission Blocked
Create folder in google drive with google-drive-ruby gem

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!