From 45b86012aeda100f4c5b335c7ff6aac02bcd9dc7 Mon Sep 17 00:00:00 2001
From: Andrey Lebedev <andrew.lebedev@gmail.com>
Date: Fri, 22 Mar 2024 12:00:57 +0400
Subject: [PATCH 1/3] Added 'enable_granular_consent' parameter

---
 src/Client.php              | 20 ++++++++++++++++++++
 tests/Google/ClientTest.php |  2 ++
 2 files changed, 22 insertions(+)

diff --git a/src/Client.php b/src/Client.php
index 046670551..c20e1ccf5 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -142,6 +142,7 @@ class Client
      *     @type string $prompt
      *     @type string $openid
      *     @type bool $include_granted_scopes
+     *     @type bool $enable_granular_consent
      *     @type string $login_hint
      *     @type string $request_visible_actions
      *     @type string $access_type
@@ -187,6 +188,7 @@ public function __construct(array $config = [])
             'prompt' => '',
             'openid.realm' => '',
             'include_granted_scopes' => null,
+            'enable_granular_consent' => null,
             'login_hint' => '',
             'request_visible_actions' => '',
             'access_type' => 'online',
@@ -404,11 +406,17 @@ public function createAuthUrl($scope = null, array $queryParams = [])
             ? null
             : var_export($this->config['include_granted_scopes'], true);
 
+
+        $enableGranularConsent = $this->config['enable_granular_consent'] === null
+            ? null
+            : var_export($this->config['enable_granular_consent'], true);
+
         $params = array_filter([
             'access_type' => $this->config['access_type'],
             'approval_prompt' => $approvalPrompt,
             'hd' => $this->config['hd'],
             'include_granted_scopes' => $includeGrantedScopes,
+            'enable_granular_consent' => $enableGranularConsent,
             'login_hint' => $this->config['login_hint'],
             'openid.realm' => $this->config['openid.realm'],
             'prompt' => $this->config['prompt'],
@@ -785,6 +793,18 @@ public function setIncludeGrantedScopes($include)
         $this->config['include_granted_scopes'] = $include;
     }
 
+    /**
+     * If set to false, more granular Google Account permissions
+     * will be disabled for OAuth client IDs created before 2019.
+     * No effect for newer OAuth client IDs, since more granular
+     * permissions is always enabled for them
+     * @param bool $consent
+     */
+    public function setEnableGranularConsent($consent)
+    {
+        $this->config['enable_granular_consent'] = $consent;
+    }
+
     /**
      * sets function to be called when an access token is fetched
      * @param callable $tokenCallback - function ($cacheKey, $accessToken)
diff --git a/tests/Google/ClientTest.php b/tests/Google/ClientTest.php
index 94ce8b876..c4aa87c5c 100644
--- a/tests/Google/ClientTest.php
+++ b/tests/Google/ClientTest.php
@@ -156,6 +156,7 @@ public function testCreateAuthUrl()
         $client->setOpenIdRealm('example.com');
         $client->setPrompt('select_account');
         $client->setIncludeGrantedScopes(true);
+        $client->setEnableGranularConsent(false);
         $authUrl = $client->createAuthUrl("http://googleapis.com/scope/foo");
         $expected = "https://accounts.google.com/o/oauth2/v2/auth"
             . "?response_type=code"
@@ -166,6 +167,7 @@ public function testCreateAuthUrl()
             . "&scope=http%3A%2F%2Fgoogleapis.com%2Fscope%2Ffoo"
             . "&hd=example.com"
             . "&include_granted_scopes=true"
+            . "&enable_granular_consent=false"
             . "&openid.realm=example.com"
             . "&prompt=select_account";
 

From c38816722e98a691a950fbee535dd956c5a18971 Mon Sep 17 00:00:00 2001
From: Andrey Lebedev <andrew.lebedev@gmail.com>
Date: Fri, 22 Mar 2024 12:00:57 +0400
Subject: [PATCH 2/3] fix: added 'enable_granular_consent' parameter

---
 src/Client.php              | 20 ++++++++++++++++++++
 tests/Google/ClientTest.php |  2 ++
 2 files changed, 22 insertions(+)

diff --git a/src/Client.php b/src/Client.php
index 046670551..c20e1ccf5 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -142,6 +142,7 @@ class Client
      *     @type string $prompt
      *     @type string $openid
      *     @type bool $include_granted_scopes
+     *     @type bool $enable_granular_consent
      *     @type string $login_hint
      *     @type string $request_visible_actions
      *     @type string $access_type
@@ -187,6 +188,7 @@ public function __construct(array $config = [])
             'prompt' => '',
             'openid.realm' => '',
             'include_granted_scopes' => null,
+            'enable_granular_consent' => null,
             'login_hint' => '',
             'request_visible_actions' => '',
             'access_type' => 'online',
@@ -404,11 +406,17 @@ public function createAuthUrl($scope = null, array $queryParams = [])
             ? null
             : var_export($this->config['include_granted_scopes'], true);
 
+
+        $enableGranularConsent = $this->config['enable_granular_consent'] === null
+            ? null
+            : var_export($this->config['enable_granular_consent'], true);
+
         $params = array_filter([
             'access_type' => $this->config['access_type'],
             'approval_prompt' => $approvalPrompt,
             'hd' => $this->config['hd'],
             'include_granted_scopes' => $includeGrantedScopes,
+            'enable_granular_consent' => $enableGranularConsent,
             'login_hint' => $this->config['login_hint'],
             'openid.realm' => $this->config['openid.realm'],
             'prompt' => $this->config['prompt'],
@@ -785,6 +793,18 @@ public function setIncludeGrantedScopes($include)
         $this->config['include_granted_scopes'] = $include;
     }
 
+    /**
+     * If set to false, more granular Google Account permissions
+     * will be disabled for OAuth client IDs created before 2019.
+     * No effect for newer OAuth client IDs, since more granular
+     * permissions is always enabled for them
+     * @param bool $consent
+     */
+    public function setEnableGranularConsent($consent)
+    {
+        $this->config['enable_granular_consent'] = $consent;
+    }
+
     /**
      * sets function to be called when an access token is fetched
      * @param callable $tokenCallback - function ($cacheKey, $accessToken)
diff --git a/tests/Google/ClientTest.php b/tests/Google/ClientTest.php
index 94ce8b876..c4aa87c5c 100644
--- a/tests/Google/ClientTest.php
+++ b/tests/Google/ClientTest.php
@@ -156,6 +156,7 @@ public function testCreateAuthUrl()
         $client->setOpenIdRealm('example.com');
         $client->setPrompt('select_account');
         $client->setIncludeGrantedScopes(true);
+        $client->setEnableGranularConsent(false);
         $authUrl = $client->createAuthUrl("http://googleapis.com/scope/foo");
         $expected = "https://accounts.google.com/o/oauth2/v2/auth"
             . "?response_type=code"
@@ -166,6 +167,7 @@ public function testCreateAuthUrl()
             . "&scope=http%3A%2F%2Fgoogleapis.com%2Fscope%2Ffoo"
             . "&hd=example.com"
             . "&include_granted_scopes=true"
+            . "&enable_granular_consent=false"
             . "&openid.realm=example.com"
             . "&prompt=select_account";
 

From 9df4a6b2fa43087e02ce410eb1684b46cecd3b06 Mon Sep 17 00:00:00 2001
From: Andrey Lebedev <andrew.lebedev@gmail.com>
Date: Fri, 22 Mar 2024 12:18:30 +0400
Subject: [PATCH 3/3] fix: added 'enable_granular_consent' parameter

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7813e2ba4..4a8eec26e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [2.15.4](https://github.com/googleapis/google-api-php-client/compare/v2.15.3...v2.15.4) (2024-03-22)
+
+### Features
+
+* Add parameter `enable_granular_consent`
+
 ## [2.15.3](https://github.com/googleapis/google-api-php-client/compare/v2.15.2...v2.15.3) (2024-01-04)