Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Fine-grained Google OAuth Scope

Being a privacy paranoid, this is something I can't seem to find via Google OAuth2 document - can I only request the email address and user identifer?

I recall there is a time where I can get both email address and user identifer just by using

https://www.googleapis.com/auth/userinfo.email

Now it seems without userinfo.profile, google only return user email address. I don't need anything other than user identifer from the profile scope though... To me it's a waste and requesting profile permission (access to birthday/location) may trigger unnecessary privacy concerns (well, to me anyway.)

https://www.googleapis.com/auth/userinfo.profile

Does requesting Google user identifer = getting userinfo.profile permission?

like image 634
bitinn Avatar asked Jun 21 '26 22:06

bitinn


1 Answers

Actually you may request only the user_ID

The currently supported way is to add scope https//www.googleapis. com/auth/plus.me

In the future we will also support 'openid' for that purpose but that will also cause the server to return OpenIDConnect compliant responses and since that standard is still not finalized using it now exposes you to backwards incompatible API changes.

like image 102
breno Avatar answered Jun 25 '26 10:06

breno