Tags: firebase, google-chrome-extension, google-drive-api, google-oauth

How to force the Google API/OAUTH consent screen?


I have a Chrome Extension that, in the manifest, includes the Drive API. On install, when the user opens a Google Doc, background.js pops the consent screen to get the user's permission to access their Google Drive.

This works fine on install. But if the user removes the app from Drive the code does NOT pop the consent screen again - it just gets a token and tries Drive only to get a 401 error.

I would have thought the auth call would pop consent if it isn't granted...

Obviously if a user removes your app you shouldn't keep asking for permission, necessarily - I'm just trying to deal with the simplest situation for now.

Some of my users never saw the consent page, or saw it and closed it...and are not prompted again.

Manifest:

"oauth2": {
    "client_id": "xxxxxxxxxx-smaehlat7c66p1ns6t90ssj3jmlrrecm.apps.googleusercontent.com",
    "scopes": [
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/userinfo.profile",
        "https://www.googleapis.com/auth/drive.readonly"
    ]
}

Background.js:

var googleFileID = getIdFromUrl(activeURL);

chrome.identity.getAuthToken({ 'interactive': true }, function(token) {

  console.log('In Chrome Identity and obtained token: ' + token);

  $.ajax({
    type: "GET",
    beforeSend: function(request) {
      request.setRequestHeader("Authorization", "Bearer " + token);
    },
    url: "https://www.googleapis.com/drive/v3/files/" + googleFileID + "?fields=owners",
    dataType: 'json',
    processData: true,
    success: function(gDocsMeta1) {
      // DO STUFF
    }
  });
});

Google API Console: I have set up the API and can see traffic, although 10% of my traffic is errors, which I attribute to the above problem.

I use Google Firebase for user authentication...if that is relevant. While some of my users opt for Google Authentication to create accounts, many use email signup. The problem afflicts both types of sign ups.

Any help appreciated!


Solution

  • When you receive a 401 error as the response, you have to remove the invalid token from the cache using chrome.identity.removeCachedAuthToken({token: oldToken}) before calling chrome.identity.getAuthToken({interactive: true}, ...) again.
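The flow the answer describes, as an added example that is not part of the question or the answer: a Drive request helper that purges the cached token on a 401 and calls getAuthToken interactively once more, which is what brings the consent screen back. chrome.identity and fetch are injected as parameters so the logic can be exercised outside an extension; the fake identity and fake fetch below are constructed stand-ins, and the file id and owner name are made-up values. In a real background.js you would pass chrome.identity and fetch.

```javascript
// getAuthToken wrapped in a promise. In an extension, a missing token means
// chrome.runtime.lastError is set (user closed the consent screen, etc.).
function getToken(identity, interactive) {
  return new Promise((resolve, reject) => {
    identity.getAuthToken({ interactive }, (token) => {
      if (!token) reject(new Error('getAuthToken returned no token'));
      else resolve(token);
    });
  });
}

function removeToken(identity, token) {
  return new Promise((resolve) => identity.removeCachedAuthToken({ token }, resolve));
}

// The naive path from the question: take whatever token the cache hands back
// and call Drive. After the user removed the app, this is a revoked token and
// Drive answers 401, but no consent screen appears because Chrome still has a
// token to return.
async function driveRequestNoRetry(identity, fetchFn, fileId) {
  const token = await getToken(identity, true);
  const url = 'https://www.googleapis.com/drive/v3/files/' + encodeURIComponent(fileId) + '?fields=owners';
  return fetchFn(url, { headers: { Authorization: 'Bearer ' + token } });
}

// The fix from the answer: on 401, drop the cached token and retry exactly
// once. With the cache empty, getAuthToken({interactive: true}) re-prompts.
async function driveRequest(identity, fetchFn, fileId, retried = false) {
  const token = await getToken(identity, true);
  const res = await driveRequestNoRetry(identity, fetchFn, fileId);
  if (res.status === 401 && !retried) {
    await removeToken(identity, token);
    return driveRequest(identity, fetchFn, fileId, true);
  }
  if (!res.ok) throw new Error('Drive request failed: HTTP ' + res.status);
  return res.json();
}

// Constructed stand-in for chrome.identity: one cached token that Google has
// since revoked; a fresh token is issued only when the cache is empty, and
// each such issue is counted as one consent prompt.
function makeFakeIdentity() {
  const state = { cached: 'stale-token', consentPrompts: 0 };
  return {
    state,
    getAuthToken({ interactive }, cb) {
      if (state.cached === null) {
        if (!interactive) { cb(undefined); return; }
        state.consentPrompts += 1;
        state.cached = 'fresh-token';
      }
      cb(state.cached);
    },
    removeCachedAuthToken({ token }, cb) {
      if (state.cached === token) state.cached = null;
      cb();
    },
  };
}

// Constructed stand-in for fetch: 401 for any token not in validTokens.
function makeFakeFetch(validTokens) {
  return async (url, { headers }) => {
    const token = headers.Authorization.replace('Bearer ', '');
    if (!validTokens.has(token)) {
      return { ok: false, status: 401, json: async () => ({ error: { code: 401 } }) };
    }
    return { ok: true, status: 200, json: async () => ({ owners: [{ displayName: 'Example Owner' }] }) };
  };
}

// Runs both paths against the same revoked-token situation.
async function demo() {
  const valid = new Set(['fresh-token']);           // 'stale-token' was revoked server-side

  const naive = await driveRequestNoRetry(makeFakeIdentity(), makeFakeFetch(valid), 'constructed-file-id');

  const identity = makeFakeIdentity();
  const meta = await driveRequest(identity, makeFakeFetch(valid), 'constructed-file-id');

  return {
    naiveStatus: naive.status,                      // 401, and no prompt was shown
    consentPrompts: identity.state.consentPrompts,  // 1: the retry re-prompted
    cachedToken: identity.state.cached,             // 'fresh-token'
    owner: meta.owners[0].displayName,
  };
}
```

The retry is capped at one attempt on purpose: if the second interactive call also comes back 401, the user declined or the scopes in the manifest are wrong, and looping would only keep popping the consent screen.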