Multiple Auth Requests for a Single Integration – Looking for Feasible Solutions within Arcade

[danhong1990]

We’re currently experiencing an issue where users are prompted multiple times to grant permissions when connecting to a single integration (e.g., Gmail), due to scope-specific authorization flows. We’re trying to understand whether there’s a feasible way to consolidate these auth requests within Arcade, or if this is a structural limitation.

⸻

🧩 Problem Overview
• For integrations like Gmail, multiple distinct scopes are required depending on the feature (e.g., gmail.modify, gmail.readonly, gmail.send, etc.)
• Arcade does not appear to support injecting multiple scopes into a single tool instance or consolidating them under a unified auth flow
• As a result, users are prompted repeatedly for authorization when enabling different features of the same integration — leading to a fragmented and frustrating UX

⸻

🧪 Attempted Workaround

Strategy: Leverage the hierarchical nature of OAuth scopes (e.g., gmail.modify > gmail.readonly) to authenticate using only a broader scope.
• We tested authenticating Gmail access by requesting only gmail.modify, assuming it would implicitly include permissions like readonly and labels
• We spoofed the tool in Arcade to request only the higher-level scope (modify) and attempted to use it for all feature access

Results:
• Unfortunately, gmail.readonly and gmail.labels do not work with only gmail.modify; explicit scopes are still required for functionality
• We haven’t tested gmail.send or gmail.compose yet, but at this point it’s clear that at least 3 out of 5 required scopes are not implicitly included, making this workaround unviable

⸻

❓ What We’d Like to Know

We’re hoping to understand whether there are any supported or recommended ways to solve this problem within the Arcade framework, such as:
1. Is there a way to inject multiple scopes into a single tool instance to consolidate the auth flow?
2. Can Arcade support grouping scopes under a unified tool or batch requesting permissions in a single consent screen?
3. Are there best practices for structuring tools and scopes in Arcade to avoid redundant auth requests for what is conceptually one integration?

⸻

🙏 Why This Matters

Having users repeatedly grant permissions for one integration — simply because different scopes are required — creates significant friction and negatively impacts adoption. We’d like to provide a smoother, one-time auth experience if possible, and would greatly appreciate any insights or suggestions on how to achieve this within Arcade.

[evantahler]

Hello! Does the solution discussed in #444 (manually authorizing your tools ahead of use) work for your use-case? This is nice because you won't need to know what the oAuth scopes a tool uses are, just the tool names.

[danhong1990]

Luke can you take a look into this? Best regards, Dan Hong CEO, OFFLIGHT <https://www.offlight.work/> *Email*: ***@***.*** ***@***.***> *Phone*: +82-10-6856-1560

…

On Mon, Jul 7, 2025 at 7:18 AM Evan Tahler ***@***.***> wrote: Hello! Does the solution discussed in #444 <#444> (manually authorizing your tools ahead of use) work for your use-case? — Reply to this email directly, view it on GitHub <#474 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BBN5PIPA62MMHUNNLQVQWBT3HGOFDAVCNFSM6AAAAACAV5GM2OVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGNRXG4YDOMA> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[danhong1990]

Hi Arcade Team, Thank you for the recent discussion. However, based on the current proposal, the suggested approach does not align with our requirements. Specifically, the discussion outlines a model where permissions can only be pre-issued for a specified tool. In our service, however, users can use multiple tools, and thus binding authorization to a single tool is not suitable for our use case. Instead of specifying a tool, we need an API that allows issuing permissions based on a set of scopes. This would enable more flexible and scalable integration across various tools within our service. Please let us know if there's room to revisit the design to accommodate this need. Best regards, Luke 2025년 7월 7일 (월) 오후 3:50, Hong, Dan ***@***.***>님이 작성:

…

Luke can you take a look into this? Best regards, Dan Hong CEO, OFFLIGHT <https://www.offlight.work/> *Email*: ***@***.*** ***@***.***> *Phone*: +82-10-6856-1560 On Mon, Jul 7, 2025 at 7:18 AM Evan Tahler ***@***.***> wrote: > Hello! Does the solution discussed in #444 > <#444> (manually > authorizing your tools ahead of use) work for your use-case? > > — > Reply to this email directly, view it on GitHub > <#474 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/BBN5PIPA62MMHUNNLQVQWBT3HGOFDAVCNFSM6AAAAACAV5GM2OVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGNRXG4YDOMA> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >

[torresmateo]

Hi @danhong1990 , I think this page on our docs addresses your use case. Basically, you can "collect" the required scopes from multiple tools for the same OAuth provider, and authenticate all of those scopes at once: https://docs.arcade.dev/home/faq#can-i-authenticate-multiple-tools-at-once