Problem statement
There are situations when additional scopes (i.e. Google Classroom) would need to be accessed beyond those available in the default UI.
Solution
There are a few steps to access these scopes. First, make sure to have access to Google account’s production keys for the connection.
In addition to making sure google-oauth2 connection has production keys as mentioned previously, do the following to have the connection request the Google Classroom scopes.
- Update the connection via the Management APIv2 to request the Google Classroom scopes as upstream params, along with a Refresh Token if needed. Steps to do this in Google. Note, this only includes a single scope from the Google documentation as an example
{
...
"options": {
<... existing options ...>
"upstream_params": {
"connection_scope": {
"value": "https://www.googleapis.com/auth/classroom.profile.emails"
},
"access_type": {
"value": "offline"
}
}
}
}
-
Guidance on updating the connection via the Management APIv2
-
Have the application get the Google Access Token by calling GET /api/v2/users/{id}. Find the Google Access Token (and Refresh Token if requested) in the identities array.
-
The application can use the Access Token from step 2 to call the Google Classroom API.
Note: Users will be prompted for consent for the new permissions if this change is made after they have already logged in and given consent to google.