Problem statement
There are situations when additional scopes (i.e. Google Classroom) would need to be accessed beyond those available in the default UI.
Solution
There are a few steps to access these scopes. First, make sure to have access to Google account’s production keys for the connection.
In addition to making sure google-oauth2 connection has production keys as mentioned previously, do the following to have the connection request the Google Classroom scopes.
- Update the connection via the Management APIv2 to request the Google Classroom scopes as upstream params, along with a Refresh Token if needed. Steps to do this in Google. Note, this only includes a single scope from the Google documentation as an example
{ … “options”: { <… existing options …> “upstream_params”: { “connection_scope”: { “value”: “https://www.googleapis.com/auth/classroom.profile.emails” }, “access_type”: { “value”: “offline” } } } }
-
Guidance on updating the connection via the Management APIv2
-
Have the application get the Google Acces Token by calling GET /api/v2/users/{id}. Find the Google Access Token (and Refresh Token if requested) in the identities array.
-
The application can use the Access Token from step 2 to call the Google Classroom API.
Note: Users will be prompted for consent for the new permissions if this change is made after they have already logged in and given consent to google.