When creating Google Drive applications there are a number of permission "scopes" that can be specified to indicate to the users what permissions are required to run that application.

One of these permissions:

Perform these operations when I'm not using the application

Causes a lot of concern amongst our users. We could not find any definitive explanation of what causes this permission to be listed.

The only possibility we could think of is that using server-side flow for the OAuth2 means that the server might be still syncronising after the browser has been closed and so this has to be flagged up.

If that's the case, will using JS direct to Drive (no proxy server) mean that this permission will not be requested?

This is due to the OAuth2 flavour you chose.

You probably have taken the web server flow flavour, which build a grant URL with the parameter access_type = offline.

This allows you to obtain a refresh token, so you can access your user's files after he has used your app.

You can replace this access_type paramater to access_type=online but you wont get a refresh token. You will be able to acces your users'files only for one hour. After that, you will have to request a new access token to access his files.

I encourage you to read this page where each of the flow are explained.

The official specifications are a good source of information too.