When requesting user permission to access user data or other resources, you can request all scopes up-front in the initial request or request scopes only as needed, using incremental authorization. Using incremental authorization, your app initially requests only the scopes required to start your app, then requests additional scopes as new permissions are required, in a context that identifies the reason for the request to the user.
For example, suppose your app lets users save music playlists to Google Drive; your app can request basic user information at sign-in, and later, when the user is ready to save their first playlist, ask only for Google Drive permissions.
Use this technique if you suspect users are not signing in because your consent screen is overwhelming, or are confused about why they are being asked for certain permissions. The following instructions are for the web, and are derived from the instructions for adding a client-side sign-in button: Building a Google 2.0 Sign-In button. You can read more about incremental authorization for the web in the OAuth 2.0 documentation.
Requesting additional scopes
At sign-in, your app requests "base" scopes, consisting of the sign-in scope
profile plus any other initial scopes your app requires for operation.
Later, when the user wants to perform an action that requires additional
scopes, your app requests those additional scopes and the user authorizes only
the new scopes from a consent screen.
Step 1: Request base scopes
Request the base scope profile when you initialize Google Sign-In. This
step is included in
Building a Google 2.0 Sign-In button.
auth2 = gapi.auth2.init({
client_id: 'CLIENT_ID.apps.googleusercontent.com',
cookiepolicy: 'single_host_origin', /** Default value **/
scope: 'profile' }); /** Base scope **/
Step 2: Request additional scopes
Wherever additional scopes are needed, request them by constructing an options
builder with the scopes you want to add and then calling user.grant({scope:
[OPTIONS BUILDER]}).then(successFunction, failFunction);:
const options = new gapi.auth2.SigninOptionsBuilder();
options.setScope('email https://www.googleapis.com/auth/drive');
googleUser = auth2.currentUser.get();
googleUser.grant(options).then(
function(success){
console.log(JSON.stringify({message: "success", value: success}));
},
function(fail){
alert(JSON.stringify({message: "fail", value: fail}));
});