Stay organized with collections
Save and categorize content based on your preferences.
When requesting user permission to access user data or other
resources, you can request all scopes up-front in the initial request or
request scopes only as needed, using incremental authorization.
Using incremental authorization, your app initially requests only the scopes
required to start your app, then requests additional scopes as new permissions
are required, in a context that identifies the reason for the request to the
user.
For example, suppose your app lets users save music playlists
to Google Drive; your app can request basic user information at sign-in,
and later, when the user is ready to save their first playlist,
ask only for Google Drive permissions.
Use this technique if you suspect users are not signing in because your
consent screen is overwhelming, or are confused about why they are being asked
for certain permissions.
The following instructions are for the web, and are derived from the
instructions for adding a client-side sign-in button:
Building a Google 2.0 Sign-In button.
You can read more about incremental authorization for the web in the
OAuth 2.0 documentation.
Requesting additional scopes
At sign-in, your app requests "base" scopes, consisting of the sign-in scope
profile plus any other initial scopes your app requires for operation.
Later, when the user wants to perform an action that requires additional
scopes, your app requests those additional scopes and the user authorizes only
the new scopes from a consent screen.
auth2=gapi.auth2.init({client_id:'CLIENT_ID.apps.googleusercontent.com',cookiepolicy:'single_host_origin',/** Default value **/scope:'profile'});/** Base scope **/
Step 2: Request additional scopes
Wherever additional scopes are needed, request them by constructing an options
builder with the scopes you want to add and then calling user.grant({scope:
[OPTIONS BUILDER]}).then(successFunction, failFunction);:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-06 UTC."],[[["\u003cp\u003eThe Google Sign-In JavaScript Platform Library is deprecated; developers should migrate to the Google Identity Services library for user authorization and access tokens.\u003c/p\u003e\n"],["\u003cp\u003eFedCM APIs will become mandatory for the Google Sign-In library, requiring developers to conduct an impact assessment.\u003c/p\u003e\n"],["\u003cp\u003eIncremental authorization allows developers to request user permissions in stages, starting with basic scopes and requesting additional scopes as needed, improving user experience.\u003c/p\u003e\n"],["\u003cp\u003eTo implement incremental authorization, request the 'profile' scope initially and add further scopes like 'email' or 'drive' using \u003ccode\u003egapi.auth2.SigninOptionsBuilder\u003c/code\u003e and \u003ccode\u003euser.grant()\u003c/code\u003e when required.\u003c/p\u003e\n"]]],[],null,["# Requesting additional permissions\n\n| **Warning:** The Google Sign-In library optionally uses FedCM APIs, and their use will become a requirement. [Conduct an impact assessment](/identity/sign-in/web/gsi-with-fedcm) to confirm that user sign-in continues to function as expected. \n|\n| Support for the Google Sign-In library is deprecated, see the [Deprecation and Sunset](/identity/sign-in/web/deprecation-and-sunset) guide for more.\n| **Warning:** We are [discontinuing the Google Sign-In JavaScript Platform Library for web](https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html). For user authorization and to obtain access tokens for use with Google APIs, use the newer [Google Identity Services JavaScript library](/identity/oauth2/web/guides/overview) instead. For existing implementations see [Migrate to Google Identity Services](/identity/oauth2/web/guides/migration-to-gis).\n\nWhen requesting user permission to access user data or other\nresources, you can request all scopes up-front in the initial request or\nrequest scopes only as needed, using *incremental authorization*.\nUsing incremental authorization, your app initially requests only the scopes\nrequired to start your app, then requests additional scopes as new permissions\nare required, in a context that identifies the reason for the request to the\nuser.\n\nFor example, suppose your app lets users save music playlists\nto Google Drive; your app can request basic user information at sign-in,\nand later, when the user is ready to save their first playlist,\nask only for Google Drive permissions.\n\nUse this technique if you suspect users are not signing in because your\nconsent screen is overwhelming, or are confused about why they are being asked\nfor certain permissions.\nThe following instructions are for the web, and are derived from the\ninstructions for adding a client-side sign-in button:\n[Building a Google 2.0 Sign-In button](/identity/sign-in/web/build-button).\nYou can read more about incremental authorization for the web in the\n[OAuth 2.0 documentation](/identity/protocols/oauth2/web-server#incrementalAuth).\n\nRequesting additional scopes\n----------------------------\n\nAt sign-in, your app requests \"base\" scopes, consisting of the sign-in scope\n`profile` plus any other initial scopes your app requires for operation.\nLater, when the user wants to perform an action that requires additional\nscopes, your app requests those additional scopes and the user authorizes only\nthe new scopes from a consent screen.\n\n### Step 1: Request base scopes\n\nRequest the base scope `profile` when you initialize Google Sign-In. This\nstep is included in\n[Building a Google 2.0 Sign-In button](/identity/sign-in/web/build-button). \n\n auth2 = gapi.auth2.init({\n client_id: 'CLIENT_ID.apps.googleusercontent.com',\n cookiepolicy: 'single_host_origin', /** Default value **/\n scope: 'profile' }); /** Base scope **/\n\n### Step 2: Request additional scopes\n\nWherever additional scopes are needed, request them by constructing an options\nbuilder with the scopes you want to add and then calling `user.grant({scope:\n[OPTIONS BUILDER]}).then(successFunction, failFunction);`: \n\n const options = new gapi.auth2.SigninOptionsBuilder();\n options.setScope('email https://www.googleapis.com/auth/drive');\n\n googleUser = auth2.currentUser.get();\n googleUser.grant(options).then(\n function(success){\n console.log(JSON.stringify({message: \"success\", value: success}));\n },\n function(fail){\n alert(JSON.stringify({message: \"fail\", value: fail}));\n });"]]