在这里抛弃我的是关键字附加。用户每次与Google登录时都会看到此屏幕。他们不应该只看到一次(第一次)吗?
我正在使用 Google 3P授权javascript库对于网站。
我跟随
对我来说,屏幕上显示“其他访问”似乎很奇怪,但然后没有列出任何其他权限请求。
有人知道会导致这一点吗?还是这是预期的行为?
What is throwing me off here is the keyword additional. Users are seeing this screen every time they sign in with Google. Shouldn't they only see it once (the first time)?
I'm using the Google 3P Authorization JavaScript Library for websites.
I followed this documentation in my implementation.
It just seems weird to me that the screen says "additional access" but then doesn't list any additional permission requests.
Anyone have any idea what could be causing this? Or is this the expected behavior?
发布评论
评论(2)
我认为这是由选定的范围引起的。范围是访问令牌允许的一组资源和操作。
阅读您遵循的文档,已选择一个范围以读取日历:
但是默认范围是电子邮件( https://www.googleapis.com/auth/userinfo.email )和profile( https://www.googleapis.com/auth/userinfo.profile ),所以这就是为什么出现屏幕并要求其他访问权限的原因。
请尝试更改范围。
有关Google oauth范围的更多信息:
I think that is caused by the selected scopes. An scope is the set of resources and operations that an access token permits.
Reading the documentation you followed, it has been selected an scope to be able to read the calendar:
But the default scope is email (https://www.googleapis.com/auth/userinfo.email) and profile (https://www.googleapis.com/auth/userinfo.profile) so this is why that screen appears and asks for additional access.
Try to change the scope, please.
More information about google OAuth scopes: https://developers.google.com/identity/protocols/oauth2/scopes#oauth2
对我有用的解决方案是添加
includ_granted_scopes:falseinitcodeclient“需要其他访问”屏幕在我部署此更改后消失了。
我猜这是有道理的,因为标志控制该应用程序是否会
请求访问其他范围。 docs> docsThe solution that worked for me is to add
include_granted_scopes: falsetoinitCodeClientThe "needs additional access" screen went away after I deployed this change.
I guess this makes sense since the flag controls whether the app will
request access to additional scopes. The docs say