Scopes Management
Scopes express the permissions you request users to authorize for your app and allow your project to access specific types of private user data from their Google Account.
Scopes are categorized into :
- Non-Sensitive - These scopes relate to access to specific read-only data.
- Sensitive - Sensitive scopes are scopes that request access to private user data.
- Restricted - Restricted scopes are scopes that request access to highly sensitive user data. For example, user’s email data.
Requesting for sensitive or restricted scopes will require you to go through the verification process.
You can view the list of all scopes in the OAuth 2.0 Scopes for Google APIs page.
Add a New Scope
To add a new scope, navigate to the Data Access page and click the "ADD OR REMOVE SCOPES" button which will show a view to add a new scope.
Only scopes for enabled APIs are listed in the scopes table. To add a missing scope to the list of scopes, find and enable the API in the Google API Library or use the text box in the Manually add scopes section of the page to add a new unlisted scope.
Note : Certain scopes might be unavailable because usage of these scopes is restricted to projects using HTTPS URLs only. To enable the scopes, edit your OAuth clients and remove non-HTTPS URLs from the Clients page .
Click the "UPDATE" button after selecting all scopes you want to add to your app.
You should see the scopes you added included in the corresponding table in the scopes page depending on the scope classification.
Note : If a new sensitive or restricted scope is added to a list of verified scopes, do not immediately include this scope in the list of scopes in your request to the Google OAuth 2.0 endpoint until it is verified, else users will see an unverified app warning screen.
When requesting sensitive or restricted scopes, you must provide justification for the request. Additionally, you must include a link to a demo video that demonstrates how these scopes will be used.
Remove Scope
If scope is no longer needed, navigate to the Data Access page and click on the delete icon next to the scope you want to delete.
If you remove a scope, ensure the scope is also removed from requests you are making to the Google OAuth 2.0 endpoint. Using an unregistered scope, even if previously verified, will result in the user seeing the unverified app warning screen.