CODEWITHSUNDEEP
pythongoogle-app-engine
Alex
Alex

Reputation: 135

Multiple Scopes using OAuth2WebServerFlow

I want to authorize multiple scopes using OAuth2WebServerFlow(). Here is my current code:

flow = OAuth2WebServerFlow(
    client_id=id,
    client_secret=secret,
    scope= ['scope1','scope2','scope3'],
    approval_prompt='force',
    access_type='offline')

When I am redirected to Google Authorization screen, the only permissions the app is asking for is to "Have offline access". Additionally, I have those scopes turned on in the API Console.

Upvotes: 2

Views: 4600

Answers (1)

Jimmy Kane
Jimmy Kane

Reputation: 16825

From the documentation:

In addition to these OpenID-specific scopes, your scope argument can also include other scope strings. All scope strings must be space-separated. For example, if you wanted per-file access to a user’s Google Drive, your scope might be openid profile email https://www.googleapis.com/auth/drive.file.

So in your case:

scope= 'scope1 ' + 'scope2 ' + 'scope3'

Example: 

scope = ('https://www.googleapis.com/auth/devstorage.read_write ' +
         'https://www.googleapis.com/auth/prediction')

EDIT

As @Greg mentioned:

OAuth2WebServerFlow takes either a string or an iterable of strings, which it turns into the space-separated parameter before constructing the auth-URL.

I tend to use oAuth for the apis (application authorization) and not that much for a user oauth so I forgot that I had observed this at my own apps as well.

If your scope has invalid grants then you will get an error about wrong grants.

Though if you ask for the correct grants most of the times they are combined.

In the following example I am asking about 'https://www.googleapis.com/auth/devstorage.read_write ' + 'https://www.googleapis.com/auth/prediction'

but though I get prompted only for offline access. My application is working fine and permissions are correct. The application does not have more permissions (other apis).

Upvotes: 1

Related Questions