Question

I am trying to authenticate using OAuth2 with Google Maps Coordinate but I am having an issue when specifying the scope that I want the Auth tokens to be valid for. The URL I am using to request an access code is in this format:

https://accounts.google.com/o/oauth2/auth?response_type=code&client_id={client id}&redirect_uri={App URL}&approval_prompt=force&scope=https://www.googleapis.com/auth/coordinate

The issue I am having is that the consent screen just says "This app would like to: Have offline access". It does not mention granting permissions for interacting with Google Maps Coordinate. I am starting to think this is a bug on Google's side, because if I try to get a read-only token by adding .readonly to the end of the URL, the consent screen shows "This app would like to: View your Google Coordinate Jobs". Similarly, if I replace coordinate with docs or drive, I get the correct consent screen where the app requests permissions to access and modify Google Drive content.

If I get a token using the coordinate scope with the "Have offline access" permissions and then use that token to try and make requests to coordinate, I just get "Insufficient Permissions" errors.

The issue only seems to be happening when trying to get an access code for Maps Coordinate. Has anyone else experienced this issue?

Thanks


Solution 2

I think when it shows Offline Access it means you've already accepted these permissions before. This has sometimes happened to me; try revoking the old access and try again to obtain fresh tokens. Go to your Google account page (https://www.google.com/settings/personalinfo) --> Security --> Account Permissions --> View All, then search for the Maps access and revoke it, then try again.

Other tips

This is not a bug, this is just a strange behaviour (and maybe a bug). (So what I'm telling you may not be 100% correct.)

In your request URL you use approval_prompt=force, which means that the user will always be asked to give permission. What follows is that you get a refresh token (that doesn't expire, unless the user explicitly removes the permission for your app from his account), which you have to exchange for an access token.

That is also the reason that you always get only "This app would like to: Have offline access". Once you have permitted a specific scope, it won't show up anymore in the consent screen.

The docs and drive consent screens are shown correctly, because you didn't give permission for them.

I see basically two possibilities for you: don't use approval prompt (and thus skip the consent screen after the first authorization, you will be simply redirected as the user clicked allow, but without clicking allow) or exchange the token to a refresh token.

Or try revoking your permission for your account.
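
The following is an added example, not code from the question or from either answer. It builds the authorization URL from the question with every parameter percent-encoded, then compares the scopes in a token response with the scopes that were requested, so a token that lacks the coordinate scope is caught before an API call returns "Insufficient Permissions". The `state` parameter, the function names and the sample token responses are assumptions constructed for illustration.

```python
import json
import secrets
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # endpoint from the question
COORDINATE = "https://www.googleapis.com/auth/coordinate"    # scope from the question


def build_auth_url(client_id, redirect_uri, scopes, state=None):
    """Return (url, state); urlencode percent-encodes every value."""
    # state is an anti-CSRF value (RFC 6749, section 10.12); not in the original URL.
    state = state or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "approval_prompt": "force",
        "scope": " ".join(scopes),  # scopes are space-delimited (RFC 6749, section 3.3)
        "state": state,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state


def missing_scopes(requested, token_response):
    """Scopes that were requested but are absent from the token response.

    RFC 6749, section 5.1: a response without a "scope" member means the
    granted scope is identical to the requested one, so nothing is missing.
    Scope strings are compared exactly: coordinate.readonly does not
    satisfy a request for coordinate.
    """
    granted = token_response.get("scope")
    if granted is None:
        return set()
    return set(requested) - set(granted.split())


# Constructed token responses (hypothetical, not captured from Google).
SAMPLE_READONLY = json.loads(
    '{"access_token": "constructed-token", "token_type": "Bearer",'
    ' "scope": "https://www.googleapis.com/auth/coordinate.readonly"}'
)
SAMPLE_NO_SCOPE = json.loads(
    '{"access_token": "constructed-token", "token_type": "Bearer"}'
)

if __name__ == "__main__":
    url, _ = build_auth_url("constructed-client-id", "https://app.example/cb", [COORDINATE])
    print(url)
    print(missing_scopes([COORDINATE], SAMPLE_READONLY))
```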

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow