Google Auth adding additional scopes even after setting include_granted_scopes to false

81 views
Skip to first unread message

Roshan Bhandari

unread,
Sep 1, 2022, 2:36:49 PM9/1/22
to google-api-java-client

As per the documentation, after we set include_granted_scopes to false, the scopes that user has previously granted should no longer appear in response. But in my case, even after I set it to false, scopes that I previously granted are also returned.

Documentation Link : https://developers.google.com/identity/protocols/oauth2/web-server

This code snippet gives the auth config object:

getAuthorizeConfig(scope: any) { 
      return { 
          client_id: this.clientId,
          scope: scope, 
          response_type: 'permission code', 
          access_type: 'offline', 
          include_granted_scopes: 'false'
      }; 
 }

Returned object from above code snippet has been posted as a message for iframe.

authorize() { 
       var authConfig = this.googleService.getAuthorizeConfig(scope);                 this.goauthFrame.nativeElement.contentWindow.postMessage(authConfig, '*');
 }

Here is the code for iframe:

<iframe #goauthFrame [src]="goauthFrameSrc | safeUrl" width="0" height="0" frameborder="0" hidden> </iframe>

You can also look at the image:

google-auth-issue.PNG


Reply all
Reply to author
Forward
0 new messages