Google Auth adding additional scopes even after setting include_granted_scopes to false

[Roshan Bhandari]

As per the documentation, after we set include_granted_scopes to false, the scopes that user has previously granted should no longer appear in response. But in my case, even after I set it to false, scopes that I previously granted are also returned.

Documentation Link : https://developers.google.com/identity/protocols/oauth2/web-server

This code snippet gives the auth config object:

getAuthorizeConfig(scope: any) { 

      return { 

          client_id: this.clientId,

          scope: scope, 

          response_type: 'permission code', 

          access_type: 'offline', 

          include_granted_scopes: 'false'

      }; 

 }

Returned object from above code snippet has been posted as a message for iframe.

authorize() { 

       var scope = "https://www.googleapis.com/auth/youtube.readonly"; 

       var authConfig = this.googleService.getAuthorizeConfig(scope);                 this.goauthFrame.nativeElement.contentWindow.postMessage(authConfig, '*');

 }

Here is the code for iframe:

<iframe #goauthFrame [src]="goauthFrameSrc | safeUrl" width="0" height="0" frameborder="0" hidden> </iframe>

You can also look at the image: