Request only 'openid' scope from Google Sign-In for Websites

I'm integrating Google sign-in to my web app, but no matter what I specify, it always shows a warning in the login flow:

To continue, Google will share your name, email address, and profile picture with [app name].

I don't need or want the name, email address, or profile picture of my users; I just need a token_id. I'm aware of a similar question where the developer wants only the email address, and it is explained that the other details can be derived from the email address anyway, but in this case I don't want the email address either.

Following the documentation I've set:

function login() {
  gapi.auth2.init({
    client_id: myClientIdHere,
    cookie_policy: 'none',
    fetch_basic_profile: false,    // <-- remove basic profile
    scope: 'openid',               // <-- request only openid
    ux_mode: 'redirect', // <-- using redirect to avoid popup blocker issues
    redirect_uri: myRedirectUriHere,
  }).then((GoogleAuth) => {
    GoogleAuth.signIn() // [etc]
  });
}

function init() {
  gapi.load('auth2', login);
}

Inspecting network requests shows that this is directing the user towards:

https://accounts.google.com/o/oauth2/auth?redirect_uri=[myRedirectUri]&response_type=permission%20id_token&scope=openid&openid.realm=&client_id=[myClientId]&ss_domain=[myDomain]&fetch_basic_profile=false&gsiwebsdk=2

Which looks correct. I've tried tweaking that URL and manually navigating to it and no matter what I change it always seems to show the warning.

In my Google API console project under Credentials -> OAuth consent screen -> Scopes for Google APIs, I can see that "email", "profile" and "openid" are all listed, and I can't find any option to remove them.

I don't know if it's actually sending me that information when a user signs in, but I'd like to remove the warning from the login screen.

How can I use Google sign-in just for sign-in? How do I prevent it giving me profile / email address information?

Dave asked Nov 06 '22 18:11


1 Answer

When you get an access token back from Google, you can call the userinfo endpoint and obtain user profile information using the openid scope, so even though you don't need the email and profile information, you can still obtain that information through the userinfo endpoint [1].

[1] https://developers.google.com/identity/protocols/OpenIDConnect#obtaininguserprofileinformation

user2705223 answered Dec 26 '22 06:12