I am trying to post several scope values to allow my application access to some Google services...
I tried with two input fields:
<input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar" />
<input type="hidden" name="scope" value="https://www.googleapis.com/auth/userinfo.email" />
and with one input field with a + separator:
<input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar+https://www.googleapis.com/auth/userinfo.email" />
When I send my form with only one scope, it works. Otherwise, with several scope values, Google redirects me with this error description:
http://localhost:49972/redirect.aspx#error=invalid_request&error_description=OAuth+2+parameters+can+only+have+a+single+value:+scope&error_uri=http://code.google.com/apis/accounts/docs/OAuth2.html
In Google's getting started with OAuth2, it works with two scope values.
Here is my code:
<form id="form1" method="post" action="https://accounts.google.com/o/oauth2/auth?" >
  <div>
    <input type="hidden" name="response_type" value="code" />
    <input type="hidden" name="client_id" value="my client id" />
    <input type="hidden" name="redirect_uri" value="http://localhost:49972/redirect.aspx" />
    <input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar" />
    <input type="hidden" name="scope" value="https://www.googleapis.com/auth/userinfo.email" />
    <input type="hidden" name="state" value="/profile" />
    <input type="submit" value="go" />
  </div>
</form>
You don't necessarily need OAuth2 scopes, and you can handle authentication and authorization however you want. But OAuth2 with scopes can be nicely integrated into your API (with OpenAPI) and your API docs.
OAuth 2.0 scopes provide a way to limit the amount of access that is granted to an access token. For example, an access token issued to a client app may be granted READ and WRITE access to protected resources, or just READ access. You can implement your APIs to enforce any scope or combination of scopes you wish.
OAuth Scopes: Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account. An application can request one or more scopes; this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.
You were on the right track when you combined them into a single field. There should be only one scope parameter in the request, with the values separated by spaces. If you're putting it in a form like that, the browser will take care of encoding the space for you.
<input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email" />
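An added example (not part of the original question or answer) showing how the three form variants from this thread are serialized as application/x-www-form-urlencoded and what the authorization server decodes from each. The function names are hypothetical; OAuth 2.0 (RFC 6749, section 3.1) says a request parameter must not be included more than once, which matches the error quoted in the question.

```javascript
// Added example: encodeForm, duplicatedParams and decodedScopes are
// hypothetical helper names, not part of any Google or OAuth library.
const CALENDAR = "https://www.googleapis.com/auth/calendar";
const EMAIL = "https://www.googleapis.com/auth/userinfo.email";

// Serialize fields the way a browser serializes a form as
// application/x-www-form-urlencoded: space becomes "+", a literal "+"
// becomes "%2B".
function encodeForm(fields) {
  const params = new URLSearchParams();
  for (const [name, value] of fields) params.append(name, value);
  return params.toString();
}

// Names of parameters that occur more than once in an encoded query/body.
function duplicatedParams(encoded) {
  const counts = new Map();
  for (const [name] of new URLSearchParams(encoded)) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Scope values as seen after decoding: OAuth 2.0 scopes are space-delimited.
function decodedScopes(encoded) {
  const raw = new URLSearchParams(encoded).get("scope") || "";
  return raw.split(" ").filter(Boolean);
}

// The three variants from the thread.
const twoFields = encodeForm([["scope", CALENDAR], ["scope", EMAIL]]);
const plusJoined = encodeForm([["scope", CALENDAR + "+" + EMAIL]]);
const spaceJoined = encodeForm([["scope", [CALENDAR, EMAIL].join(" ")]]);

for (const [label, body] of [
  ["two scope fields", twoFields],
  ["one field, literal +", plusJoined],
  ["one field, space", spaceJoined],
]) {
  console.log(label);
  console.log("  encoded:    ", body);
  console.log("  duplicates: ", duplicatedParams(body));
  console.log("  scopes seen:", decodedScopes(body));
}
```

Only the space-separated variant yields a single `scope` parameter that decodes to two scope values; the literal `+` is sent as `%2B` and arrives as one scope string containing a plus sign.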