I have an application which is using GTMOAuth2ViewControllerTouch
to do the login.
Initially the scope was just using https://www.googleapis.com/auth/userinfo.email
, so the user is already logged in with this permission.
I want to ask for new permissions for https://www.googleapis.com/auth/calendar
So when it retrieves the auth object from the keychain:
GTMOAuth2Authentication *auth = [GTMOAuth2ViewControllerTouch authForGoogleFromKeychainForName:keychainItemName
clientID:clientID
clientSecret:clientSecret];
and this new permission is not in the scope of the auth
object, I try to present again the GTMOAuth2ViewControllerTouch
to extend the scope, but it requires the user to enter credentials again.
I would expect this controller to just ask for the approval of this new permission.
How can I achieve this behaviour? Is it possible with the google-api-objectivec-client
UPDATE:
I have been able to get closer by using GTMOAuth2ViewControllerTouch
's swapInCookies
& swapOutCookies
methods..
For a new installation, these methods would open again the same controller (webview for signing in) and the second time it just asks for permissions, keeping the user away from entering his credentials again.
But the problem now is that the current app, doesn´t swapOutCookies
when the login is completed, so there are no cookies to be swapped into the webview, so it asks for login, when the user was supposed to be already logged in.
You can append new scopes using the
GIDSignIn
shared instance by callingscopes
and then callingsignIn
to request consent. More information can be found on the Requesting additional scopes in the iOS Google Identity documentation.An example provided for requesting additional scope would be