Google started making important changes to user's auth flow : 2018 post about scopes granularity
And here is another blog post about it on 2021 : 2021 post about scopes granularity
Recently (last week) I have received this from Google, but I can't find anything recent and related online :
In the new flow, users are required to proactively check which scopes they want the app to access when there is more than one scope being requested, previously these scopes would be automatically selected and no user action was required.
So this is the "history of changes" in consent screen pop-in:
I'm I right?
Currently, our app uses Google Sign-In JavaScript platform library and there are no checkboxes on multiple scope access requests (still the old way).
If we migrate to Google Identity Services for Web (to do before 31 March 2023), will we see this new type of consent screen? Otherwise, I don't understand where is the limit between these two versions.
After a few days, I got a couple of answers :
** recently : I don't have an exact date
So if you are creating a new project, you probably want to handle the minimum required scopes after the consent screen. And ask for optional scopes while the users navigate through your app.
There is no change you need to make to your app. However, we recommend using incremental authorization and requesting only one resource at the time your app needs it. We believe that doing this will make your account data request more relevant to the user and therefore improve the consent conversion. Read more about incremental authorization in our developer guides.