Oauth2 authorization pop-up

1
votes

I am testing the installation of a Google Marketplace application from the developer console API.

In the corresponding API project, the following scopes are configured.

https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile

I have installed the app and therefore the admin of the account has authorized the scopes. However when users in my domain log in for the first time, using the universal navigation link they get an authorization pop-up.

I am translating this from french but the pop up says something like:

This app requires your permission to

  • Know who you are on Google
  • Display your email

with 2 buttons : Accept and Cancel

I thought that the admin authorization was sufficient. What did I miss ?

Lou

1
google-apps-marketplace
I am unclear how the OAuth flow was being initiated when clicking on the universal navigation link. ​The link doesn't do anything special, so your application code must be initiating the flow. As for the popup, that could be caused by several issues. Scopes must match (though you've indicated they do,) the admin only authorized a particular Organizational Unit, you're using a different client, you're trying to get a refresh token and probably more. Can you look further at the code that starts the OAuth flow? - jonathanberi
Pseudo code of the OAuth Flow - lfedon
I have the same problem using this scopes with the Google + sign in button. The pop up authorization shows up and Google tells me that I can not show this authorization pop up in a marketplace application after the admin of the domain has installed it and give permission. But I find no information about how I am supposed to do that. - user1930068
I have solved my issue by changing the scopes from &scope=googleapis.com/auth/userinfo.email%20https://www.googleapis.com/… to &scope=googleapis.com/auth/userinfo.email%20https://www.googleapis.com/… - lfedon

1 Answers

0
votes

The issue was mismatched scopes - the ones registered in the console did not match the scopes requested when the OAuth flow was initiated.