I'm integrating Google sign-in to my web app, but no matter what I specify, it always shows a warning in the login flow:
To continue, Google will share your name, email address, and profile picture with [app name].
I don't need or want the name, email address, or profile picture of my users; I just need a token_id. I'm aware of a similar question where the developer wants only the email address, and it is explained that the other details can be derived from the email address anyway, but in this case I don't want the email address either.
Following the documentation I've set:
    function login() {
        gapi.auth2.init({
            client_id: myClientIdHere,
            cookie_policy: 'none',
            fetch_basic_profile: false, // <-- remove basic profile
            scope: 'openid', // <-- request only openid
            ux_mode: 'redirect', // <-- using redirect to avoid popup blocker issues
            redirect_uri: myRedirectUriHere,
        }).then((GoogleAuth) => {
            GoogleAuth.signIn() // [etc]
        });
    }

    function init() {
        gapi.load('auth2', login);
    }
Inspecting network requests shows that this is directing the user towards:
https://accounts.google.com/o/oauth2/auth?redirect_uri=[myRedirectUri]&response_type=permission%20id_token&scope=openid&openid.realm=&client_id=[myClientId]&ss_domain=[myDomain]&fetch_basic_profile=false&gsiwebsdk=2
Which looks correct. I've tried tweaking that URL and manually navigating to it and no matter what I change it always seems to show the warning.
In my Google API console project under Credentials -> OAuth consent screen -> Scopes for Google APIs, I can see that "email", "profile" and "openid" are all listed, and I can't find any option to remove them.
I don't know if it's actually sending me that information when a user signs in, but I'd like to remove the warning from the login screen.
How can I use Google sign-in just for sign-in? How do I prevent it giving me profile / email address information?
When you get an access token back from Google, you can call the userinfo endpoint and obtain user profile information using the openid scope, so even though you don't need the email and profile information, you can still obtain that information through the userinfo endpoint [1].
[1] https://developers.google.com/identity/protocols/OpenIDConnect#obtaininguserprofileinformation
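Added example, not part of the question or answer above: a Node.js check of which scopes an authorization URL requests and which personal claims an ID token actually carries, keeping only the issuer and subject. It only decodes the payload and assumes the token's signature, audience and expiry were already verified elsewhere; the function names, sample URL and sample token are constructed for illustration.

```javascript
// Standard OIDC claims released under the "profile" and "email" scopes.
const PERSONAL_CLAIMS = ['name', 'given_name', 'family_name', 'picture',
                         'locale', 'email', 'email_verified'];

// Scopes requested by an authorization URL (e.g. one copied from the
// browser's network inspector).
function requestedScopes(authUrl) {
  const scope = new URL(authUrl).searchParams.get('scope') || '';
  return scope.split(/\s+/).filter(Boolean);
}

// Decode (NOT verify) the payload segment of a JWT-formatted ID token.
function decodePayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// List the personal claims that were received and return the minimal
// record worth storing: issuer plus the stable subject identifier.
function auditIdToken(idToken) {
  const claims = decodePayload(idToken);
  if (typeof claims.sub !== 'string' || claims.sub === '') {
    throw new Error('ID token has no sub claim');
  }
  return {
    personalClaims: PERSONAL_CLAIMS.filter((c) => c in claims),
    keep: { iss: claims.iss, sub: claims.sub },
  };
}

// --- Constructed sample data (not real credentials or tokens) ---
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'sig'].join('.');
}
const SAMPLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/auth' +
  '?redirect_uri=https%3A%2F%2Fapp.example%2Fcb' +
  '&response_type=permission%20id_token&scope=openid' +
  '&client_id=constructed-client-id&fetch_basic_profile=false';
const SUB_ONLY = makeSampleToken(
  { iss: 'https://accounts.google.com', sub: '1234567890' });
const WITH_PROFILE = makeSampleToken(
  { iss: 'https://accounts.google.com', sub: '1234567890',
    email: 'user@example.com', name: 'Sample User' });
```

Storing only the `keep` record means any personal claims that do arrive are dropped at the boundary rather than persisted.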