laravel, google-api, google-drive-api

Google API Auth Scopes Incorrect


Bit of an odd one. I have an endpoint to log the user into Google and grant the Google Drive authentication scope for access to a user's drive account. This is said function:

        if(Auth::check() && $profile->abilities()->contains('manage_docs') && $request->input('redirect_uri') && $request->input('community')) {
            $scopes = [
                'https://www.googleapis.com/auth/drive',
            ];
            return Socialite::driver('google')->scopes($scopes)->with([
                'state' => "sso.redirect.uri=" . $request->input('redirect_uri'). "&type=documents",
                "access_type" => "offline",
                "prompt" => "consent select_account"
            ])->redirect();
        }

When a user hits this endpoint, they get redirected to Google. Users are reporting they see that they are being asked to grant access to Google Drive from my application, however their credentials do not have the above listed scopes. However, if they remove the Google Account and re-sign in (using the same method), they get the required scopes.

TL;DR: first pass through this method doesn't add the scope, 2nd time through grants correct scopes.


Solution

  • If in doubt, doubt the user's ability to press the tick box to grant the auth scope...
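
The check the answer points at, as an added example that is not part of the original post: compare the scopes Google actually granted with the one the endpoint requested, and refuse to store a token that lacks it. The function names `missingScopes` and `callbackDecision` are hypothetical, and the token responses are constructed samples.

```php
<?php
declare(strict_types=1);

// The scope requested by the endpoint in the question.
const REQUIRED_SCOPES = ['https://www.googleapis.com/auth/drive'];

/**
 * Return the required scopes that are absent from a token response.
 * The OAuth 2.0 token response carries the granted scopes as a
 * space-delimited string in its "scope" field (RFC 6749, section 5.1).
 * Assumption: a missing or non-string field is treated as "nothing granted".
 */
function missingScopes(array $tokenResponse, array $required): array
{
    $raw = $tokenResponse['scope'] ?? '';
    $granted = is_string($raw)
        ? preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY)
        : [];
    // Exact string match: drive.file does not satisfy a requirement for drive.
    return array_values(array_diff($required, $granted));
}

/** Decide whether the callback stores the token or sends the user back to consent. */
function callbackDecision(array $tokenResponse): array
{
    $missing = missingScopes($tokenResponse, REQUIRED_SCOPES);
    return $missing === []
        ? ['action' => 'store_token', 'missing' => []]
        : ['action' => 'reprompt_consent', 'missing' => $missing];
}

// Constructed sample token responses (placeholder tokens, not real credentials).
$samples = [
    'box ticked' => [
        'access_token' => 'EXAMPLE_TOKEN',
        'scope' => 'openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/drive',
    ],
    'box left unticked' => [
        'access_token' => 'EXAMPLE_TOKEN',
        'scope' => 'openid https://www.googleapis.com/auth/userinfo.email',
    ],
    'scope field absent' => ['access_token' => 'EXAMPLE_TOKEN'],
];

foreach ($samples as $label => $response) {
    $decision = callbackDecision($response);
    printf("%-20s %-17s %s\n", $label, $decision['action'], implode(' ', $decision['missing']));
}
```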