Sign in with Google: How to customize the requested permissions

Question

I'd like to find out how to configure an app engine application to request custom permissions. The example below asks to "manage your applications deployed on Google App Engine". How did they pull that off?

Answer 1

Overview:

The method that the application is using to login is OAuth. What shows up in that box is controlled by the scope.

The purpose of OAuth scopes is accessing information about authenticated users. The scopes are different for each application, and determine what information about a user an application is granted access to.

The following resources might be worth checking out:

• Google's OAuth 2.0 for Login
• Using OAuth 2.0 to Access Google APIs
• OAuth Playground

The OAuth Wikipedia isn't that great, but might be useful depending on your understanding.

In general, the documentation for each API you intend to use will have the information about what scopes available and should be used.

---

In Detail:

Concretely, an OAuth request with the scope parameter as

https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile

would show the user a prompt similar to the following when logging in:

+ View basic information about your account
    * View your name, public profile URL, and photo
    * View your gender and birthdate
    * View your country, language, and timezone
+ View your email address
    * View the email address associated with your account

While one with only https://www.googleapis.com/auth/userinfo.email would show something like:

+ View your email address
    * View the email address associated with your account

You can customize the scopes depending on what information you want from a user.