8

My app invokes Google Oauth (the app was set up in Google Cloud console). When user is presented with a Google Oauth consent screen, for example, to approve access to adwords api, is there a way of controlling the scopes pre-selection?

Desirable would be to have access to Google adwords pre-selected, and then user, if they wish so, deselect it?

Is there any level of control over it, either programatically or by setup in Google Cloud console?

The problem is that as it currently stands, first time when users see Google Oauth window are presented with the scopes the application asks for, they are checkboxes that are not ticked, and in my experience a lot of users forget to tick them, but application depends on access to them.

enter image description here

So as you can see on above picture, for some scopes I need to explicitly click to allow app access.

enter image description here

Also, above is to show that I am approved for such scopes.

I've seen some other applications where they are just presented to the user as facts (that application is requiring these scopes and user cannot deselect them)

NenadP
  • 585
  • 7
  • 24

2 Answers2

2

The Google consent screen is created by Google's authorization server. You don’t have any control over it. Except for the name and email address that appears above.When you add a scope to your request, Google will request the appropriate permission from the user giving the option to accept it or not. There have been a lot of changes to the consent screen.

If the user doesn’t tick the checkboxes, you need to request the consent again. If your app still needs the scope then it should request access to the user again until they tick the checkbox.

Google can't pre-select scopes for the user, because the user needs to have full control over what permissions to give out.That said, if the user clicks the "Continue" button without selecting any permissions, then a warning popup will be presented asking the user to confirm their intention.

Refer to the OAuth API verification FAQs and Google sign-in docs

Srividya
  • 1,678
  • 3
  • 10
  • 4
    "Google can't pre-select scopes for the user, because the user needs to have full control over what permissions to give out." - If the checkboxes were pre-selected, user could still de-select them. So they would still have full control. It would be friendlier to the user, as there is less clicking needed. – NenadP Oct 13 '21 at 09:13
1

If your users choose not to click the checkboxes there is not thing you can do really beyond requesting consent again. If your application does still need this scope then it should request access of the user again until they choose to click the checkbox or not use your application.

Please see More granular Google Account permissions with Google OAuth and APIs

Check boxes vs circles

You can configure your application to require certain scopes by setting it up in the consent screen on your project. Any scopes added here should be displayed as a circle instead of a checkbox when the consent screen is shown to the user.

enter image description here

Note this worked a while back im not sure if it still works.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • Hi DalmTq, I added few images to better illustrate what I experience. It shows that I am approved for the scopes. However, on first interaction of the user with the app, they would see ad words as de-selected (on any subsequent interaction, it would not need to be selected again). But - many users leave it un-ticked. I wonder if there is any control level over it... – NenadP Oct 12 '21 at 13:30
  • 1
    there is not not more then you have already done. Users need to be given the option to grant you access or not. If they choose not to then your only option is to request it again or if your application can function without it do so but inform them you need more permission to function properly. – Linda Lawton - DaImTo Oct 12 '21 at 13:34