This article describes how to access additional scopes, such as Google Classroom, that are not available in the default User Interface

• Google Social Connections

• Management API

• Ensure the Google Social Connection has production keys configured.

• Update the connection via the Management API to request the Google Classroom scopes as upstream_params. Include a Refresh Token if needed. The following code block includes a single scope from the Google documentation as an example: 

• { ... "options": { <... existing options ...> "upstream_params": { "connection_scope": { "value": "https://www.googleapis.com/auth/classroom.profile.emails" }, "access_type": { "value": "offline" } } } }

• From a secure backend, retrieve the Google Access Token by calling GET /api/v2/users/{id} using a Management API token with read:user_idp_tokens scope. See Identity Provider Access Tokens for more details.

• Locate the Google Access Token (and Refresh Token, if requested) in the identities array.

• Use the Access Token to call the Google Classroom API.

  NOTE: Users are prompted for consent for the new permissions if this change is made after they have already signed in and given consent to Google.