We're using the hybrid auth flow, such that the client is requested for incremental grants via JS and the resulting code is passed up to our API server for processing.
What we need is one of:
Which scopes are available to a user, either via refresh token or access token
A way to include the current scopes in the $client->authenticate($code) response (so we can store them with the refresh token)
A way to determine which scope was just granted in the response from Google to $client->authenticate($code) (so we can append it to a stored list for that user)
We would like to present a list on the integrations page for the user to opt in to each feature (calendar, contacts, drive) and present a clear list of which features are enabled, in addition to prompting if they access a not-yet authorized feature. Even aside from that, I can't believe this isn't "a thing."
Was in the same position as you...If you hit: https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=
it will return a JSON response which has a "scope" parameter, which is a space-separated list of all granted scopes for the access token.