[Google Core] How to handle applications with different scopes

Back to Forums

Rui Lopes

Question

Mobile

Forge

Application Type

Mobile

Hello,

I am analyzing how the Google Core component works together with the Google Login Plugin in the following scenario:

The same user is working with 2 (or more) different applications
Each application has its own Google scopes
The login is made via Google Login Plugin

Suppose there are 2 mobile apps available in the factory (both using the Google Login Plugin):

App A: requires access to the Google Calendar API (scope https://www.googleapis.com/auth/calendar.events)
App B: requires access to the Google Books API (scope https://www.googleapis.com/auth/books)

If a new user named John installs both apps in his mobile device and then logs into App A, an AccessToken (and corresponding RefreshToken) will be stored in the GoogleCore\UserGoogle entity. This AccessToken allows App A to interact with John's calendar events. If John then logs into App B, the new token (for accessing the Google Books API) will not be saved and App B will be using App A's token which was created for a different scope.

I'm not sure if my analysis is correct... Has anyone tried this scenario?

Thanks in advance,

Rui

26 Feb 2021

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines