Incremental Google token rights


how do you keep track of current Google “access-level”.
I mean that in accounts-ui default login I have just ‘profile’ token requested.
Than in my manage view for administering various feeds from few Google APIs I have various tokens needed and not everyone need all of this functionality.
So for now I am doing Meteor.loginWithGoogle for every button with different tokens.
But it is quite annoying, especially when I have few accounts linked to my profile and for some APis it always ask for which 1 I want to grant it etc.

How do you keep track of current token type so I dont call loginWithGoogle every time if it is not needed. And I would want to build up the permission list incrementally.

I would probably just prepare few “sets” of permissions and always one group of buttons would need these to work, than other group will have other set. And tracking current permission-set state in reactive var and every time it changes firing request access dialog again.
And always just appending unique permissions, so I always crosscheck with this reactive var state if needed permission is already active and if not request login again.

Plus some button to force request, if I need to use same permission, but on other sub-account.

But is there some well known way with best practices ?