18

I use the https://www.googleapis.com/auth/userinfo.email scope to get an email address of the authenticated user. But while authenticating, Google prompts the user:

The app would like to:

  • Know who you are on Google+ (for which the help icon says: This app is requesting permission to associate you with your public Google profile)
  • View your email address

I don't want the user's Google+ related information. I am using the OAuth2 authentication method. For Authsub request authentication it requires only email address access. How can I get access to the user's email address alone?

Community
  • 1
  • 1
Barani
  • 552
  • 4
  • 18
  • What you need might be OpenID [Difference between OpenID and OAuth][1] [1]: http://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth – zinking Mar 08 '14 at 03:20
  • 2
    Did you ever fix this? (Related: [Why do you need to know who I know on Google?](http://meta.stackexchange.com/questions/234365/why-do-you-need-to-know-who-i-know-on-google) on Meta Stack Exchange.) – Arjan Jun 21 '14 at 13:55
  • Unfortunately, @zinking, Google [is deprecating OpenID in April 2015](https://developers.google.com/+/api/auth-migration#timetable). – Arjan Jun 21 '14 at 14:05
  • Though the above question is much older, it seems more answers are available at [Is there a way to *only* get a user's email address with Google's OAuth2 implementation?](http://stackoverflow.com/questions/24410179/is-there-a-way-to-only-get-a-users-email-address-with-googles-oauth2-impleme). – Arjan Jun 28 '14 at 10:34

2 Answers2

2

If you are using Google+ Sign-In, the https://www.googleapis.com/auth/plus.login scope is automatically included, which would be why you were seeing that portion of the permission dialog.

If you do not need the enhanced features that come along with the Google+ Sign-In feature, then you'd probably want to do a standard OAuth flow. See the Google OAuth scenarios for a solution that might fit your needs where you can ask for only the email scope.

BrettJ
  • 6,801
  • 1
  • 23
  • 26
  • I didn't use Google+ Sign-In. I just used to call this link for authentication https://accounts.google.com/o/oauth2/auth?scope=https://adwords.google.com/api/adwords/%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=%2Fprofile&redirect_uri=https%3A%2F%2Foauth2-login-demo.appspot.com%2Fcode&response_type=code&client_id=812741506391.apps.googleusercontent.com&approval_prompt=force – Barani Aug 21 '13 at 11:06
  • 6
    I'm seeing this as well. Regardless of whether one uses Google+ Sign-In or any G+ services, adding the userinfo.email scope now shows "Know who you are on Google+" on the permission request page. As a service provider, I don't need to know who the user is. As a user, I don't want Google encouraging services to obtain - or simply granting them - more access than is actually needed. – Troy Davis Aug 25 '13 at 14:59
  • 1
    +1. In my case the only scope I am requesting is "email", yet the user is being prompted for "View your email address" and "Know who you are on Google+". Feedback from potential users is they do NOT want to give access to what they perceive to be personal information. – pinoyyid Aug 27 '13 at 05:54
  • I had an old screenshot and in the last month, it changed from "Know who you are on Google" (closer to accurate, though not as specific as it should be) to "Know who you are on Google+." It should simply say "Know your email address" and grant exactly that. – Troy Davis Aug 29 '13 at 20:48
  • 7
    This is another reason why WhatsApp became successful. They don't want to know anything about their users and there is no registration. Google hasn't learnt from that and still continues to raise questions by users when presented with the permissions screen when all you want to do is authenticate the user and get their ID and nothing more. Asking "Know who you are on Google" is a good way to lose a lot of new users. – Johann Feb 26 '14 at 07:26
  • Yes, exactly. The way SO site follow this as well. never ask more than you needed when authenticate – zinking Mar 08 '14 at 03:16
  • @zinking the SE dev team is having a problem because of this right now, with OpenID being deprecated. –  Jun 24 '14 at 16:02
  • @AndroidDev: I have a similar issue as the OP, but all I want is JUST the user ID, and a way to authenticate users on my server. As far as I can see, the only way to do that is to ask them for their Google+ information and a sheeetload of other things. Do you know if this has changed (no request would be ideal) and I'm just not finding it? Thanks! – Agamemnus Oct 28 '14 at 04:51
1

If anyone is still searching for this, I think this might help. In the gapi.auth2.init method in the Google Sign In JS client reference, set fetch_basic_profile to false (it's true by default). Now using the scope param for the same method specify "email", "profile" permissions

Abhas Sinha
  • 1,042
  • 1
  • 8
  • 9