69

I try to post several scope values to allow my application for some google service...

I tried with two input field

<input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar" />  
<input type="hidden" name="scope" value="https://www.googleapis.com/auth/userinfo.email" />

and with one input field with + separator

<input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar+https://www.googleapis.com/auth/userinfo.email" />

When I send my form with only one scope It work. otherwise with sereval scope value google redirect me with this error description :

http://localhost:49972/redirect.aspx#error=invalid_request&error_description=OAuth+2+parameters+can+only+have+a+single+value:+scope&error_uri=http://code.google.com/apis/accounts/docs/OAuth2.html

In the google getting started with oAuth2 it works with two scope values.

Here is my code :

  <form id="form1" method="post" action="https://accounts.google.com/o/oauth2/auth?" >
    <div>
        <input type="hidden" name="response_type" value="code" />
        <input type="hidden" name="client_id" value="my client id" />
        <input type="hidden" name="redirect_uri" value="http://localhost:49972/redirect.aspx" />
        <input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar" />
        <input type="hidden" name="scope" value="https://www.googleapis.com/auth/userinfo.email" />
        
        <input type="hidden" name="state" value="/profile" />
        <input type="submit" value="go" />
    </div>
    </form>
Improve this question

3 Answers 3

Reset to default
131

You were on the right track when you combined them to a single field . There should be only one scope parameter in the request, with the values separated by spaces. If you're putting it in a form like that, the browser will take care of encoding the space for you.

<input type="hidden" name="scope" value="https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email" />
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I don't have my code until tomorow but thank you evan if it seems weird
currently in 2017 you should use value="https://www.googleapis.com/auth/calendar email"
For the curious, RFC 6749, Section 3.3 defines the scope parameter as The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings.
4

In addition to Steve Bazyl's answer. When applying multiple scopes for the same Google service, order of scopes seems to matter. F.e this string works as expected:

"https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.metadata.readonly"

while this one does not work for me:

"https://www.googleapis.com/auth/drive.metadata.readonly https://www.googleapis.com/auth/drive"

I have not found any information about that in the docs though.

Improve this answer

Comments

3

You can put all scopes in 1 array for clarity:

 const scopes = [
    'openid',
    'https://www.googleapis.com/auth/userinfo.profile',
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/gmail.readonly',
  ]

  const scope = scopes.join(' ')

  console.log(scope)
  // openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/gmail.readonly


  const redirectUri = 'http://localhost:3000'
  const link = `https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&scope=${scope}&response_type=code&client_id=${GOOGLE.clientId}&redirect_uri=${redirectUri}&state=authGoogle`
Improve this answer

1 Comment

Useful to know that the scopes are joined by simple spaces, not commas, etc.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.