I have a "Sign in with Google+" button on my page. When people click on it, I want the only thing they authorize to be "View your email address."
I don't want "Know who you are on Google" or "View basic information about your account." I only want their email address.
I'm playing on the OAuth 2.0 Playground (https://developers.google.com/oauthplayground/) and see this:
Scope: email
Requests:
Scope: https://www.googleapis.com/auth/userinfo.email
(and this one is deprecated)
Requests:
Get a client ID and client secret: On the Credentials page, select Create credentials, then select OAuth client ID. Under Application type, choose Web application. Click Create. On the page that appears, take note of the client ID and client secret.
If this scope is included while you generate the refresh token, you should be able to get the email address of the authenticating user by making the following request: https://www.googleapis.com/oauth2/v2/userinfo?access_token="YOUR_ACCESS_TOKEN". You can try this out in the API explorer.
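Putting the two halves of that answer together in code (an added example, not code from the answer above or from Google): the authorization URL is built with only the `email` scope and a random `state` value, and the userinfo call sends the access token in an `Authorization: Bearer` header rather than in the `?access_token=` query string, so the token does not end up in proxy or web-server access logs. The Google endpoint URLs are the real ones; the client ID, redirect URI and the two JSON responses are constructed sample data. The response parser assumes the v2 userinfo endpoint reports verification as `verified_email` and also accepts the OpenID Connect spelling `email_verified`; an address that is not marked verified is rejected, because an unverified e-mail claim is not proof that the user controls that mailbox.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Real Google endpoints; everything else below is constructed for the example.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
USERINFO_ENDPOINT = "https://www.googleapis.com/oauth2/v2/userinfo"


def new_state():
    """Fresh anti-CSRF value; store it in the session before redirecting."""
    return secrets.token_urlsafe(32)


def build_auth_url(client_id, redirect_uri, state):
    """Authorization URL that asks for the single scope `email` (short form of
    https://www.googleapis.com/auth/userinfo.email) and nothing else."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "email",   # only the e-mail address, no profile scope
        "state": state,     # bound to the user's session, checked on callback
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def check_callback_state(expected_state, callback_url):
    """Constant-time comparison of the returned state with the stored one."""
    received = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return secrets.compare_digest(expected_state.encode(), received.encode())


def userinfo_request(access_token):
    """Return (url, headers) for the userinfo call. The token travels in the
    Authorization header, not in the query string, so it is not logged."""
    return USERINFO_ENDPOINT, {"Authorization": f"Bearer {access_token}"}


def email_from_userinfo(body):
    """Parse the userinfo JSON and return the address only if Google marks it
    verified (v2: verified_email; OIDC userinfo: email_verified), else None."""
    data = json.loads(body)
    email = data.get("email")
    verified = data.get("verified_email", data.get("email_verified"))
    if not email or verified is not True:
        return None
    return email


# Constructed sample responses, shaped like the v2 userinfo reply.
SAMPLE_VERIFIED = json.dumps(
    {"id": "1234567890", "email": "alice@example.com", "verified_email": True}
)
SAMPLE_UNVERIFIED = json.dumps(
    {"id": "1234567890", "email": "alice@example.com", "verified_email": False}
)

if __name__ == "__main__":
    state = new_state()
    print(build_auth_url("CLIENT_ID.apps.example", "https://app.example/cb", state))
    print(userinfo_request("YOUR_ACCESS_TOKEN"))
    print(email_from_userinfo(SAMPLE_VERIFIED), email_from_userinfo(SAMPLE_UNVERIFIED))
```

With the `email` scope alone the consent screen lists only the e-mail address, which is what the question asks for; the `state` check and the verified-flag check are the two things most sample code for this flow leaves out.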
Indeed, I've noticed that too. And I found an explanation from February 2013 here:
This is an intentional change to more precisely communicate to users the set of permissions that is being granted. Through knowledge of the user's email address it is possible, via indirect means, to locate the user's profile address. In the interest of more accurate disclosure, thus, we are prompting users to approve such disclosure.