Google Drive OAuth 2 flow giving invalid_scope error
Solution 1
I experienced a similar problem. The solution was to pass an array of scopes to the google client:
    google_client.authorization.scope = [
      'https://www.googleapis.com/auth/calendar.readonly',
      'https://www.googleapis.com/auth/drive.appdata'
    ]
rather than a concatenated string of scopes:
    google_client.authorization.scope = "https://www.googleapis.com/auth/calendar.readonly%2Bhttps://www.googleapis.com/auth/drive.appdata"
The GET request in the Rails log looked identical, but the result was very different!
Solution 2
The new Google API (at the moment this answer is posted) requires the scope attribute to be one string, with the scopes separated by white space. So like this:
    var SCOPES = "https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/gmail.send";
    gapi.auth2.init({
      client_id: CLIENT_ID,
      scope: SCOPES
    }).then(...)
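Both answers come down to the same rule: the scope value is a list of scope names separated by single spaces (RFC 6749, section 3.3), and it is URL-encoded exactly once, by the HTTP layer. The Ruby sketch below is an added example, not code from either answer or from a Google client library; the helper names `scope_value` and `scopes_seen_by_server` are hypothetical, and it assumes the HTTP layer form-encodes the value once. It shows why a hand-encoded `%2B` separator reaches the server as a single unknown scope.

```ruby
require 'uri'

# Scope names from Solution 1, used here as sample input.
CALENDAR = 'https://www.googleapis.com/auth/calendar.readonly'
DRIVE    = 'https://www.googleapis.com/auth/drive.appdata'

# Hypothetical helper: accept an array or a space-separated string and
# return the single space-delimited value the scope parameter expects.
# Tokens that still contain "%" or "+" are rejected as already URL-encoded
# (a heuristic; the Google scope URLs on this page contain neither character).
def scope_value(scopes)
  tokens = Array(scopes).flat_map { |s| s.split(' ') }
  encoded = tokens.select { |t| t.match?(/[%+]/) }
  raise ArgumentError, "pre-encoded scope: #{encoded.first}" unless encoded.empty?

  tokens.join(' ')
end

# Form-encode the value once (as an HTTP client would), decode it the way
# the receiving server would, and return the scope names it ends up with.
def scopes_seen_by_server(raw_value)
  query = URI.encode_www_form('scope' => raw_value)
  URI.decode_www_form(query).to_h.fetch('scope').split(' ')
end

good = scope_value([CALENDAR, DRIVE])
bad  = "#{CALENDAR}%2B#{DRIVE}" # separator encoded by hand, as in Solution 1

puts URI.encode_www_form('scope' => good) # space goes out as "+"
puts URI.encode_www_form('scope' => bad)  # "%2B" goes out as "%252B"
puts scopes_seen_by_server(good).length   # two scopes
puts scopes_seen_by_server(bad).length    # one scope, not a registered name
```
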
Ben Dilts
Updated on July 16, 2021
Ben Dilts almost 3 years
My Google Drive app requests the following scopes when exchanging a code for an access token:
https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/drive.install
In particular, this is the query string of the URL that is eventually being requested from Google during the exchange:
code=XXXXXXXXXX&grant_type=authorization_code&redirect_uri=XXXXXXXXXXX&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.install&client_id=XXXXXX.apps.googleusercontent.com&client_secret=XXXXXX
The response is a 400 error, with the error message "invalid_scope". What am I doing wrong?
[Edit] Additional information:
The error only happens when the user clicks through from Google Drive to create a new document. If I initiate the authentication/authorization flow from my own app, the list of scopes is accepted just fine. If the user clicks through the actual Drive app to create a new document, I get invalid_scopes.
The invalid scope is drive.install. If I remove that from the list of requested scopes when the user shows up to create a new document, things start working again. Does that make any sense at all? If the user has the Drive app installed already via us requesting that scope, why would requesting that same scope when the user shows up from the Drive app cause a problem of any kind?