Google PHP API (google-api-php-client) - Always prompting for Offline access access

Question

I have a very basic PHP site that I want to use oauth2 authentication against Google Apps, using the example they provided (below is my version), The user on authentication keeps getting prompted to allow my app offline access to their account, Which I don't want.

$this->gapps_api_client = new Google_Client();
// $this->gapps_api_client->setAccessType('online');
$this->gapps_api_client->setApplicationName( GAPPS_APPLICATION_NAME );
$this->gapps_api_client->setClientId( GAPPS_CLIENT_ID );
$this->gapps_api_client->setClientSecret( GAPPS_CLIENT_SECRET );
$this->gapps_api_client->setRedirectUri( GAPPS_REDIRECT_URI );

$this->oauth2 = new Google_Oauth2Service($this->gapps_api_client);

It's worth nothing I have been playing with "setAccessType" however no values seem to have an effect on this offline permission mode. I've tried leaving it commented out, setting it to "online", "offline" nothing has made a difference.

Anybody else been able to oauth2 authenticate without the user granting your app "Offline access"?

Answer 1

The offline access display is often flagged if you have previously granted an app access, but the app is asking for sign in again (if the consent dialog is being forced or similar). This is due to incremental auth - its trying to hide previously granted scopes.

To test this, try revoking all app access with https://security.google.com/settings/security/permissions and signing in again. You should see the full scopes.

If that is the issue, then it is likely something your users wont see - when they sign in again they should not see a consent dialog unless you are using prompt=force or similar.

You might also want to look at retrieving profile using the Google+ API (this works for all account types): https://developers.google.com/+/api/latest/people/get, and upgrading to the latest version of the PHP library: https://github.com/google/google-api-php-client