The user can authenticate with Google and grant the requested permissions. The redirect includes an access token, which your app verifies and then uses to make API requests.
Note: Given the security implications of getting the implementation correct, we strongly encourage you to use OAuth 2.0 libraries when interacting with Google's OAuth 2.0 endpoints.
By requesting access to user data in context, via incremental authorization, you help users to more easily understand why your application needs the access it is requesting. Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response.
The server returns the exact value that you send as a after the user consents to or denies your application's access request.
The client object identifies the scopes that your application is requesting permission to access.
These values inform the consent screen that Google displays to the user.
The Choosing access scopes section provides information about how to determine which scopes your application should request permission to access.
For example, an application can use OAuth 2.0 to obtain permission from users to store files in their Google Drives. It is designed for applications that access APIs only while the user is present at the application.
These applications are not able to store confidential information.