1

I generate a auth link like:

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar.events&prompt=consent&response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fapplication%2Fsettings%2Fgcal&flowName=GeneralOAuthFlow

As you can see I call for the authorization as defined in the documentation here https://developers.google.com/calendar/api/guides/auth however, when I go to auth this is what I am presented with: enter image description here and I thought this might be some new security thing from google but then I look at connecting to other sites and the account works just fine there.

This application is also fully verified for the consent screen.

While doing some comparison between my calls and other site's I notice that mine have /v2/ in the path while others do not. I have tried multiple individual google accounts with same result, but I always get a v2 redirect.

Anyone here know why this happens with v3 accounts and how I can solve it?

Sammaye
  • 43,242
  • 7
  • 104
  • 146
  • The error is that it doesn't auto tick the checkbox which means many don't see they haven't ticked it – Sammaye May 02 '22 at 09:26
  • Never before and on old accounts I still don't have to, only new ones, and also on other sites I don't have to, empirical evidence would state that is simply not true – Sammaye May 02 '22 at 10:20
  • Also the linked question has nothing to do with this one and in fact it anything proves this one, that guy there says the box is ticked but can be unticked, as such that question actually proves my question – Sammaye May 02 '22 at 10:37
  • So, your issue is not that the users have to authenticate in general, but rather the fact that now there are checkboxes while before there weren't any? – ziganotschka May 03 '22 at 07:09
  • @ziganotschka there were checkboxes but they were ticked – Sammaye May 03 '22 at 07:52

1 Answers1

1

Unfortunately, this is the new default behaviour

  • It is realted to the new policy of More granular Google Account permissions with Google OAuth and APIs
  • It is being gradually introduced and is not related to either v2 or v3 accounts are being used but rather will eventually implemented for all accounts
  • Should the user not grant you all the scopes necessary for your Addon to run - you will need to handle it programmatically checking which scopes have been granted and requesting additional scopes if required
  • Best practive would be to make it very clear to your users PRIOR to the app installation that checking all checkboxes is crucial for the correct functionality of the app.
  • There is a very good stackoverflow post that explains the new change more in detail and includes many useful references.
ziganotschka
  • 25,866
  • 2
  • 16
  • 33
  • The only thing is I noticed that post does not mention anything about not selecting the boxes by default but more that they can, I cannot find any refernece to the user having the manually select the checkboxes – Sammaye May 03 '22 at 11:33