Our Marketplace app GQueues recently updated our integration with Google Drive to use the less permissive drive.file scope instead of the now “restricted” full drive scope. (This is better for our users, and also means we don’t have to go through the very time-intensive and costly third-party security audit).
We refactored our code to only use the drive.file scope and removed the full drive scope on our OAuth Consent Screen, which then was re-verified by the Google Trust and Safety Team. Our Marketplace SDK App Configuration page currently requests both the drive.file and full drive scope. So the last step is to remove the full drive scope from the App Configuration, so the restricted drive permission is no longer requested when Admins install our app.
What we didn’t know, and could not find anywhere in documentation or searching on the web, was whether removing the full drive scope would then make all the other scopes in our App Configuration invalidated as well. Essentially, would all our Google integrations break for existing installations until admins re-granted access to our app?
To answer this question I created a separate Marketplace app so I could test what happens to existing installations when scopes are added and removed. And I decided to share what I discovered here so others don’t have to go through all this effort to know what happens. Here’s what I learned:
This is all very good news for our situation. This means we can safely remove the full drive scope from our App Configuration so new installs don’t have to grant this permission, while existing installs will continue to work seamlessly, without us having to message Admins to re-grant access to our app.
I recorded a short video where I change scopes in a test app so you can see how this all works with your own eyes.