This question is regarding Authorization code and include_granted_scopes
in Google OAuth2 for incrementally changing scope.
In my web application, I ask for basic profile info as the scope when a Gmail user signs up with us. After the user performs some actions, I request additional scopes by setting "include_granted_scopes=true" in the authorization URL.
At this point, my authorization url looks like this:
https://accounts.google.com/o/oauth2/auth?client_id=3490600xyz00-xyz....apps.googleusercontent.com&[email protected]&redirect_uri=https://www.example.com/google-signup-callback&response_type=code&scope=https://mail.google.com https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/gmail.compose https://www.googleapis.com/auth/gmail.modify&access_type=offline&approval_prompt=force&state=da503933-8979-409b-988a-24a9542ad98a&redirect=label&include_granted_scopes=true
Now in the oauth callback I get the same "Authorization code" which I received when I did oauth earlier using basic profile scope. If I try to get the authorization token by calling "https://accounts.google.com/o/oauth2/token" with "grant_type" set to "authorization_code", it returns "Code was already deemed".
Now how do I get the new "Auth token" and "Refresh token" which has the new scope? The old auth token does not have the new scope even if I refresh it using the old refresh token.
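The flow described in the question, as an added example that is not the poster's code: it builds an incremental authorization URL with a fresh `state` per request and accepts each callback's authorization code for exchange only once, since OAuth 2.0 authorization codes are single-use. The class and method names are hypothetical, and the client ID and codes used with it are constructed values.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # endpoint quoted in the post


class IncrementalAuthFlow:
    """Hypothetical helper: one fresh state per request, each code exchanged once."""

    def __init__(self, client_id, redirect_uri):
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self._pending = {}        # state -> scopes requested with it
        self._used_codes = set()  # codes already sent to the token endpoint

    def authorization_url(self, new_scopes):
        """Build the URL for an incremental request; returns (url, state)."""
        state = secrets.token_urlsafe(24)  # unguessable, never reused
        self._pending[state] = tuple(new_scopes)
        params = {
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "response_type": "code",
            "scope": " ".join(new_scopes),
            "access_type": "offline",
            "include_granted_scopes": "true",
            "state": state,
        }
        return AUTH_ENDPOINT + "?" + urlencode(params), state

    def token_request_for_callback(self, callback_url):
        """Validate a callback; returns (token request form fields, scopes)."""
        query = parse_qs(urlparse(callback_url).query)
        state = query.get("state", [""])[0]
        code = query.get("code", [""])[0]
        if state not in self._pending:
            raise ValueError("unknown or replayed state")
        if not code:
            raise ValueError("callback carries no authorization code")
        if code in self._used_codes:
            raise ValueError("authorization code already exchanged")
        self._used_codes.add(code)
        scopes = self._pending.pop(state)
        # The caller adds client_secret and POSTs these fields to the token endpoint.
        return {"grant_type": "authorization_code", "code": code,
                "client_id": self.client_id, "redirect_uri": self.redirect_uri}, scopes
```

Rejecting a callback whose `state` was not issued by this session, or whose code was already exchanged, surfaces a stale or replayed redirect locally before any request reaches the token endpoint.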