Google Oauth从访问权限中删除范围 [英] Google Oauth removing scopes from access

问题描述

可以说我有一个应用程序，并且我的应用程序已经运行了多年，要求用户访问.有问题的应用程序正在请求更多的访问权限，或者该应用程序已被更改并且不再需要它所请求的某些范围.

Lets say I have an application and my application has been running for years requesting access of users. The application in question was requesting way more access then was needed or the application has been changed and no longer needs some of the scopes which it is requesting.

违规范围已被删除，因此不再提示新用户访问我们不需要的访问权限.

The offending scopes have been removed so new users are no longer prompted for access that we don't need.

但是，我们现在有一些老用户，其刷新令牌向我们授予了我们不需要的访问权限.我想通过从授权中删除不再需要的作用域来解决此问题.最简单的解决方案可能就是撤销其令牌并要求他们重新授权，但是我认为这对于客户而言是不可接受的.

However we now have a number of older users whose refresh tokens grant us access which we don't need. I would like to fix this by removing the no longer needed scopes from there authorization. The easiest solution would probably be to just revoke their tokens and require that they re-authorize, however i think this would be unacceptable to the customers.

范围示例:

https://www.googleapis.com/auth/analytics 查看和管理您的Google Analytics(分析)数据

https://www.googleapis.com/auth/analytics View and manage your Google Analytics data

应用程序要求完全访问.该应用程序不需要完全访问权限

The application is asking for full access. The application doesn't need full access

https://www.googleapis.com/auth/analytics.readonly 查看您的Google Analytics(分析)数据

https://www.googleapis.com/auth/analytics.readonly View your Google Analytics data

是否可以从授权中删除范围?我知道可以请求其他权限，但是我还没有'无法找到删除过多权限的方法.

Is it possible to remove scopes from authorization? I know it's possible to request additional permissions but i haven't been able to find a way of removing excessive permissions.

推荐答案

您可以通过编辑清单文件来显式设置脚本项目使用的作用域.清单字段 oauthScopes 是项目使用的所有范围的数组.要设置项目的范围，请执行以下操作:

You can explicitly set the scopes your script project uses by editing its manifest file. The manifest field oauthScopes is an array of all scopes used by the project. To set your project's scopes, do the following:

1. 在Apps脚本编辑器中打开脚本项目.
2. 在菜单中，选择文件> 项目属性.
3. 选择范围标签.
4. 查看脚本当前所需的作用域，并确定需要进行哪些更改.完成操作后，点击取消.
5. 如果清单文件 appsscript.json 在左侧导航栏中不可见，请选择查看>显示清单文件菜单项.
6. 在左侧导航栏中选择 appsscript.json 文件以将其打开.
7. 找到标记为oauthScopes的顶级字段.如果不存在，则可以添加它.
8. oauthScopes 字段指定字符串数组.要设置项目使用的作用域，请将此数组的内容替换为您要使用的作用域.例如:

1. Open the script project in the Apps Script editor.
2. In the menu, select File > Project properties.
3. Select the Scopes tab.
4. Review the scopes your script currently requires and determine what changes need to be made. Click Cancel when finished.
5. If the manifest file appsscript.json isn't visible in the left nav bar, select the View > Show manifest file menu item.
6. Select the appsscript.json file in the left nav to open it.
7. Locate the top-level field labeled oauthScopes. If it is not present, you can add it.
8. The oauthScopes field specifies an array of strings. To set the scopes your project uses, replace the contents of this array with the scopes you want it to use. For example:

1. 使用 Ctrl + S 或菜单栏中的保存文件"图标保存清单文件.

1. Save the manifest file using Ctrl+S or the Save file icon in the menu bar.

此处的更多信息: https://developers.google.com/apps-script /concepts/scopes

这篇关于Google Oauth从访问权限中删除范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！