Random de-auhorizations when using Google APIs

[ianhyzy]

I have an Apps Script app using this library to makes changes using domain-wide delegation. Right now it can edit Gmail and Calendar ACLs. I'ven noticed weird but intermittent behavior. I will get the below error despite 1) The service being on in GCP 2) the scopes are in the Admin Console in the app's details in the DWD section in Security 3) The scopes are in appscript.json and 4) I ran a script once from the editor to get the "approve this app" popup so I could click yes.

I can delete all the script properties and try again, and it will work, but in the most recent case I had Gmail working but not Calendar. I deleted the script property and Calendar worked but then the Gmail service threw the error!

What's going on?

{
  "error": {
    "code": 403,
    "message": "Request had insufficient authentication scopes.",
    "errors": [
      {
        "message": "Insufficient Permission",
        "domain": "global",
        "reason": "insufficientPermissions"
      }
    ],
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
        "domain": "googleapis.com",
        "metadata": {
          "method": "caribou.api.proto.MailboxService.ListDelegates",
          "service": "gmail.googleapis.com"
        }
      }
    ]
  }
}```

[ianhyzy]

Disabling caching fixed this it looks like. I'm guessing, but when trying to perform two actions on one user, I would call getService twice, with only the scopes needed for the specific action. Should I have one giant scoped access request that I cache? Or leave caching off?