So in light of the roll out of a granular OAuth consent screen in June, I decided to try enableGranularPermissions and ran into a problem. I need grantedScopes so that future calls to getAuthToken with interactive: false would work:
I can save them in chrome.storage.sync, but, if for whatever reason it’s lost (extension was reinstalled, removed on accident, server error), I’d be stuck because without the correct scopes, getAuthToken above returns undefined, and the next time it's called with interactive: true, there will be no checkboxes to pick whatever necessary, because it will be counted as a second call.
It seem to be possible on iOS:
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/bb6e07f0-b366-4c40-bf3d-d683a1be0ba9n%40chromium.org.
Thanks so much for the answer. I tried that, but unfortunately it throws an error: "OAuth2 not granted or revoked." the only thing that helps is specifying a `scopes` array
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/eb5f372d-8a61-4335-9031-4cc4f07ed8bbn%40chromium.org.
Thank you for an extensive reply, very helpful, so it confirms that I’m moving in the right direction.
Previously all I was saying was that if someone needs a grantedScopes array laying around to maybe show a warning in the UI, or disable a button, or what have you, depending on what scopes were chosen, it might be convenient, if there was an easy access to it. For example, I have a logout functionality and I think I need a token for all scopes (or maybe it’s possible to call revoke for each scope (?)), this is how it looks:
So I wrote a function to get all available scopes:
Similarly the logic could be simpler if there was a flag to send already granted scopes automatically, but as you wrote, I can pass a specific scope(s) as an argument, it’s not that hard, so this feature is not as important as identity.grantedScopes. In my case I don't need to ask for more permissions interactively, because without the second scope it's going to work just fine, the only difference is in an input field there will be no autocomplete, so emails have to be typed fully manually. Previously I had a customFetch function that would call dubious fetchToken to add it to the headers, for now it determines which individual scope to pick based on the url: