Tags: ruby-on-rails, devise, google-apps-marketplace

Bypassing scopes consent screen for non-admin users


Google apps marketplace #5 best practice says users shouldn't see the consent screen after an admin installs the app. I have been trying to get this working on a Rails app using devise and omniauth-google-oauth2 for authentication. I have set up the app in a test domain using an admin account. But non-admin users always see the consent screen. Any idea how to avoid it? https://github.com/zquestz/omniauth-google-oauth2 has some help; but setting any of the options specified there didn't help.

My config looks like below:

config.omniauth :google_oauth2, "code", "code", { access_type: "online", approval_prompt: "none", include_granted_scopes: "true", prompt: "select_account" }

Specifying scopes like "email,profile,calendar,https://www.google.com/m8/feeds/" gives the following error:

Error: invalid_scope

Some requested scopes were invalid. {valid=[https://www.googleapis.com/auth/calendar, https://www.google.com/m8/feeds/], invalid=[https://www.googleapis.com/auth/profile, https://www.googleapis.com/auth/email], noncanonical=[https://www.google.com/m8/feeds/(https://www.googleapis.com/auth/contacts)]}

Solution

Adding

    https://www.googleapis.com/auth/plus.me

to the list of scopes in "Google Apps Marketplace SDK" solved the issue. When the domain admin installs the app, the rest of the domain users will not see the consent screen.

Even my omniauth config is simplified now. It looks like below:

    config.omniauth :google_oauth2, "XXX.apps.googleusercontent.com", "YYY", { access_type: "online", approval_prompt: "none", include_granted_scopes: "true" }
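The invalid_scope error in the question and the fix in the answer come down to one rule: every scope the app requests must already be in the Marketplace SDK listing the admin approved, in its canonical URI form. The following pre-flight check is an added example (not code from the question, the answer, or the omniauth-google-oauth2 gem); the Marketplace scope list is constructed, and the scope expansion mirrors what the question's error shows the gem doing (prefixing bare names with https://www.googleapis.com/auth/).

```ruby
require 'set'

# Scopes as entered in the Marketplace SDK listing (constructed for this
# example; the answer reports that adding plus.me here removed the prompt).
MARKETPLACE_SCOPES = Set[
  'https://www.googleapis.com/auth/userinfo.email',
  'https://www.googleapis.com/auth/userinfo.profile',
  'https://www.googleapis.com/auth/plus.me',
  'https://www.googleapis.com/auth/calendar',
  'https://www.googleapis.com/auth/contacts'
].freeze

# Legacy scope URI => canonical scope Google reports for it
# (mapping taken from the noncanonical entry in the question's error).
NONCANONICAL = {
  'https://www.google.com/m8/feeds/' => 'https://www.googleapis.com/auth/contacts'
}.freeze

# Bare names such as "email" or "calendar" get the base URL prepended, which
# is why "email" ends up as the invalid .../auth/email in the question.
def expand_scope(scope)
  scope.include?('://') ? scope : "https://www.googleapis.com/auth/#{scope}"
end

# Classify a comma-separated scope string the way the error message does:
# :valid (granted at install), :noncanonical (legacy alias of a granted
# scope), :invalid (not granted, so Google will prompt or reject).
def classify_scopes(requested, installed = MARKETPLACE_SCOPES)
  result = { valid: [], invalid: [], noncanonical: [] }
  requested.split(',').map(&:strip).reject(&:empty?).each do |raw|
    scope = expand_scope(raw)
    if installed.include?(scope)
      result[:valid] << scope
    elsif NONCANONICAL.key?(scope) && installed.include?(NONCANONICAL[scope])
      result[:noncanonical] << [scope, NONCANONICAL[scope]]
    else
      result[:invalid] << scope
    end
  end
  result
end

# approval_prompt: "none" can only succeed for domain users when nothing
# requested falls outside the admin-approved list.
def silent_consent_possible?(requested, installed = MARKETPLACE_SCOPES)
  classify_scopes(requested, installed)[:invalid].empty?
end
```

Run it against the scope string from the question and it reproduces the error's three buckets; noncanonical entries should be replaced by the canonical URI shown so the request matches the listing exactly.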