These objects enable your application to obtain user authorization and to make authorized API requests.
The client object identifies the scopes that your application is requesting permission to access.
In this flow, your app opens a Google URL that uses query parameters to identify your app and the type of API access that the app requires.
You can open the URL in the current browser window or a popup.
The user can authenticate with Google and grant the requested permissions. The redirect includes an access token, which your app verifies and then uses to make API requests.
Note: Given the security implications of getting the implementation correct, we strongly encourage you to use OAuth 2.0 libraries when interacting with Google's OAuth 2.0 endpoints.
The OAuth 2.0 API Scopes document provides a full list of scopes that you might use to access Google APIs.
Since your value can increase your assurance that an incoming connection is the result of an authentication request.
By requesting access to user data in context, via incremental authorization, you help users to more easily understand why your application needs the access it is requesting. Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response.
The server returns the exact value that you send as a after the user consents to or denies your application's access request.
If you generate a random string or encode the hash of a cookie or another value that captures the client's state, you can validate the response to additionally ensure that the request and response originated in the same browser, providing protection against attacks such as cross-site request forgery.
See the Open ID Connect documentation for an example of how to create and confirm a and the authorization request is granted, then the new access token will also cover any scopes to which the user previously granted the application access.