I’m working on an Android app that needs Gmail access using Google’s CredentialManager API. I’m having trouble with the authorization flow after revoking permissions.
When I first tested my app, Google showed me a popup asking for Gmail read permissions and I accepted it. Later I went to my Google Account settings and removed the app’s access to test the flow again. I expected the permission dialog to appear again when I ran the app, but it doesn’t show up anymore.
Here’s my code for handling Gmail permissions:
// Creates Gmail permission request for Identity.authorize()
fun buildGmailPermissionRequest(): AuthorizationRequest {
val scopeList = listOf(Scope(GmailScopes.GMAIL_READONLY))
return AuthorizationRequest.builder()
.setRequestedScopes(scopeList)
.build()
}
suspend fun removeGmailToken(): Boolean {
val accessToken = storedGmailToken ?: return false
return try {
val revokeUrl = URL("https://oauth2.googleapis.com/revoke?token=$accessToken")
withContext(Dispatchers.IO) {
val connection = revokeUrl.openConnection() as HttpURLConnection
connection.requestMethod = "POST"
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded")
connection.doOutput = true
connection.outputStream.flush()
connection.inputStream.bufferedReader().use { it.readText() }
connection.responseCode == 200
}
} catch (ex: Exception) {
Log.e(logTag, "Failed to revoke token: ${ex.message}")
false
}
}
// Process Gmail authorization response
fun processPermissionResult(result: AuthorizationResult?): Boolean {
if (result == null) {
Log.e(logTag, "Permission result is null")
return false
}
val requiredScopes = listOf(Scope(GmailScopes.GMAIL_READONLY)).map { it.scopeUri }
val approvedScopes = result.grantedScopes
val gmailGranted = approvedScopes.containsAll(requiredScopes)
val token = result.accessToken
Log.d(logTag, "Approved scopes: $approvedScopes")
Log.d(logTag, "Gmail granted: $gmailGranted")
Log.d(logTag, "Token: $token")
return if (gmailGranted && token != null) {
storedGmailToken = token
Log.i(logTag, "Gmail permission granted successfully")
true
} else {
storedGmailToken = null
Log.w(logTag, "Gmail permission was denied")
false
}
}
I tried restarting the app completely but the authorization popup still won’t appear. What could be preventing it from showing up again?
This happens because Android caches authentication state locally, even after you revoke access in Google Account settings. Server-side revocation doesn’t clear the local cached consent - ran into this exact issue on a project last year. The CredentialManager API keeps local state that messes with auth flow testing. You need to clear Google Play Services cache specifically: Settings > Apps > Google Play Services > Storage > Clear Cache and Clear Data. This forces the auth system to restart consent flow. Also check if you’re storing auth tokens or state in SharedPreferences that might bypass the normal flow. Your removeGmailToken function looks right, but make sure you’re actually calling it and fully clearing storedGmailToken. For testing, add a debug option that calls your token revocation method before triggering auth requests. Saves you from manually clearing cache every time.
This is super common with Google’s auth flow. Google caches consent state client-side even after you revoke permissions from your account settings.
Try clearing:
Your app’s full data from Android settings (not just cache)
Sign out of all Google accounts in system settings, then back in
Check your code isn’t storing auth state locally
Honestly though, handling OAuth edge cases manually is a nightmare. Been down that rabbit hole too many times.
I ended up using Latenode for Gmail integration on similar projects. It handles all the OAuth mess and token management automatically - you just connect Gmail as a service and it deals with permissions, token refreshing, all of it.
Best part is testing different auth scenarios without manually revoking permissions and clearing caches constantly. Way fewer debugging headaches.
Google’s OAuth does this weird thing where it hides the authorization dialog if it thinks you already decided recently. Even after you revoke permissions in your account settings, Google keeps its own internal consent tracking that’s totally separate from your app’s token storage.
I hit this exact problem building a document management app. What worked was adding prompt=consent to force the dialog to show up. Since you’re using CredentialManager API though, you might need to wipe the entire Google account auth state on the device.
You could also check if your AuthorizationRequest builder takes extra parameters. Some let you set hints that force re-auth. And double-check your OAuth client config in Google Cloud Console - test credentials sometimes cache differently than production ones.
For debugging, try a completely fresh device or emulator with no Google accounts signed in first. That’ll tell you if it’s device caching or something wrong with your implementation.
had the same issue a while back. google play services tend to cache auth states that don’t go away even after revoking permissions from settings. try: go to settings > accounts > google > your account > account sync, turn gmail sync off then on again. also, you might want to completely uninstall and reinstall your app since just clearing data sometimes doesn’t do the trick. credentialmanager really can be a hassle with this kind of stuff!