We're using the hybrid auth flow, such that the client is requested for incremental grants via JS and the resulting code
is passed up to our API server for processing.
What we need is one of:
- Which scopes are available to a user, either via refresh token or access token
- A way to include the current scopes in the $client->authenticate($code) response (so we can store them with the refresh token)
- A way to determine which scope was just granted in the response from Google to $client->authenticate($code) (so we can append it to a stored list for that user)
We would like to present a list on the integrations page for the user to opt in to each feature (calendar, contacts, drive) and present a clear list of which features are enabled, in addition to prompting if they access a not-yet authorized feature. Even aside from that, I can't believe this isn't "a thing."
Was in the same position as you... If you hit: https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=
it will return a JSON response which has a "scope" parameter, which is a space-separated list of all granted scopes for the access token.
While I realize this is somewhat old now, for those finding this via Google from here on, it's probably worth noting that the access token bundle, as received back from, for example, PHP client library method $client->fetchAccessTokenWithAuthCode($_GET['code']), actually contains a list of the active scopes, with key "scope". You should be able to parse that without any need for further API calls.
Here's an example of what my access token bundle looks like:
{
"access_token": "xxxxxxxxxxx",
"expires_in": 3600,
"refresh_token": "xxxxxxxxxxxx...... ",
"scope": "https:\/\/www.googleapis.com\/auth\/userinfo.profile openid https:\/\/www.googleapis.com\/auth\/userinfo.email",
"token_type": "Bearer",
"id_token": "xxxxxxxxx...... ",
"created": 1576300135
}
Note the "scope" parameter in the above.
This doesn't appear to be documented anywhere.
Like you, some years later, I haven't yet found a client library method that supplies this functionality; and you're right, it seems rather basic (actually, a function to compare two lists of scopes would be ideal, including accounting for the expansion of 'profile' and 'email' scopes, hint hint Google folks!).
[apologies for switching to PHP for the example, but I suspect the access token bundle format is identical, so a similar approach should be possible]
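The scope comparison the answer above asks for, as an added example that is not part of the original posts or of the Google client library: it parses the bundle's "scope" string, expands the 'profile' and 'email' aliases to the URL form seen in the sample bundle, and reports which scopes a feature still lacks. The function names, the feature-to-scope map and the sample bundle are assumptions made for illustration; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Short aliases that come back from Google in full URL form (as in the bundle above).
const SCOPE_ALIASES = [
    'profile' => 'https://www.googleapis.com/auth/userinfo.profile',
    'email'   => 'https://www.googleapis.com/auth/userinfo.email',
];

// Hypothetical map for the integrations page: feature => scopes the app requests for it.
const FEATURE_SCOPES = [
    'calendar' => ['https://www.googleapis.com/auth/calendar'],
    'contacts' => ['https://www.googleapis.com/auth/contacts'],
    'drive'    => ['https://www.googleapis.com/auth/drive'],
];

/** Turn a space-separated scope string (or a list) into a sorted, de-duplicated canonical list. */
function normalizeScopes(string|array $scopes): array
{
    $list = is_array($scopes) ? $scopes : preg_split('/\s+/', trim($scopes), -1, PREG_SPLIT_NO_EMPTY);
    $canonical = array_values(array_unique(array_map(
        fn(string $s): string => SCOPE_ALIASES[$s] ?? $s,
        $list
    )));
    sort($canonical);
    return $canonical;
}

/** Scopes in $required that the token bundle does not carry; a bundle without "scope" grants nothing. */
function missingScopes(array $tokenBundle, string|array $required): array
{
    $granted = normalizeScopes($tokenBundle['scope'] ?? '');
    return array_values(array_diff(normalizeScopes($required), $granted));
}

/** Feature name => bool, for rendering the opt-in list and deciding when to prompt. */
function enabledFeatures(array $tokenBundle): array
{
    return array_map(
        fn(array $scopes): bool => missingScopes($tokenBundle, $scopes) === [],
        FEATURE_SCOPES
    );
}

// Constructed sample bundle, shaped like the one in the answer above, with a calendar grant added.
$bundle = json_decode('{"access_token":"xxx","scope":"https:\/\/www.googleapis.com\/auth\/userinfo.profile openid https:\/\/www.googleapis.com\/auth\/userinfo.email https:\/\/www.googleapis.com\/auth\/calendar","token_type":"Bearer"}', true);

var_dump(missingScopes($bundle, 'profile email openid')); // aliases are compared in canonical form
var_dump(enabledFeatures($bundle));                       // one flag per feature in FEATURE_SCOPES
```

Store the normalized list alongside the refresh token and refresh it whenever a new bundle arrives, since the user can revoke access from their Google account after the grant.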