
With Google’s new GSI libs, authentication and authorisation are separated. This is somewhat problematic when using the YouTube API for example, as there’s no brand account picker when you simply want to sign in (it’s the main account).

So in order to sign in as a channel, you need to request read scopes for the authorisation flow. Is there a way I can get previously granted scopes in this flow when a user signs in? (For example, if they’ve previously granted write also, I can do different business logic.)

Currently I’m doing (in the read scope auth flow - as "signing in"):

// get the scopes that a user has granted for my app. 
refreshToken = fetchRefreshTokenForUser()
client.setCredentials(refreshToken)
scopes = client.getAccessToken().scopes

However, this doesn’t seem to return the latest scopes. If a user just granted write scopes this might still have older read scopes. Am I missing something here?

Here’s the API. https://cloud.google.com/nodejs/docs/reference/google-auth-library/latest/google-auth-library/oauth2client

(Perhaps granting read scopes erases prior write scopes? I know there's an option of doing incremental scoping which I already do, but I don't want to have to show the user all the scopes they need every time they just log in.)

Joe
It seems like there'll be a new refresh token every time new scopes are set (without incremental addition), so it doesn't look like this approach will work. I might follow up here: https://stackoverflow.com/questions/74983130/using-authorized-youtube-apis-with-the-new-google-identity-services-how-do-i-s So I think I'd have to link the parent Google account on sign-in somehow to the granted permissions for each channel account... OR I have to ask the user for permissions every time they sign in, or incrementally for every action. Ugh. – Joe Apr 23 '23 at 17:55
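
One way to keep granted scopes tied to the refresh token that carries them, so a sign-in can look them up without re-prompting. This is an added example, not code from the original post; the scope URLs, the `GrantStore` class and the channel id are assumptions, and the token responses are constructed.

```javascript
// Added example, not code from the original post.
// Assumed scope URLs (the post only says "read" and "write" scopes).
const READ = 'https://www.googleapis.com/auth/youtube.readonly';
const WRITE = 'https://www.googleapis.com/auth/youtube';

// The token response lists what was actually granted as a space-delimited
// `scope` string (RFC 6749, section 5.1); parse that, not the request.
function parseScopes(tokenResponse) {
  const raw = typeof tokenResponse.scope === 'string' ? tokenResponse.scope : '';
  return raw.split(/\s+/).filter(Boolean);
}

// Hypothetical in-memory store: channelId -> list of grants, newest last.
class GrantStore {
  constructor() { this.byChannel = new Map(); }

  // Keep each refresh token together with the scopes of the response that
  // delivered it, so a lookup never pairs a token with another grant's scopes.
  record(channelId, tokenResponse) {
    if (!tokenResponse.refresh_token) return false; // nothing durable to store
    const grants = this.byChannel.get(channelId) || [];
    grants.push({
      refreshToken: tokenResponse.refresh_token,
      scopes: new Set(parseScopes(tokenResponse)),
    });
    this.byChannel.set(channelId, grants);
    return true;
  }

  // Newest grant covering every needed scope, or the scopes still missing
  // from the newest grant so the caller can prompt for only those.
  select(channelId, needed) {
    const grants = this.byChannel.get(channelId) || [];
    for (let i = grants.length - 1; i >= 0; i--) {
      if (needed.every((s) => grants[i].scopes.has(s))) {
        return { refreshToken: grants[i].refreshToken, missing: [] };
      }
    }
    const latest = grants.length ? grants[grants.length - 1].scopes : new Set();
    return { refreshToken: null, missing: needed.filter((s) => !latest.has(s)) };
  }
}

// Constructed sample responses: a write grant, then a later read-only sign-in.
const store = new GrantStore();
store.record('UC_constructed', { refresh_token: 'rt-write', scope: `${READ} ${WRITE}` });
store.record('UC_constructed', { refresh_token: 'rt-read', scope: READ });
```
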

0 Answers