I use the https://www.googleapis.com/auth/userinfo.email
scope to get an email address of the authenticated user. But while authenticating, Google prompts the user:
The app would like to:
- Know who you are on Google+ (for which the help icon says: This app is requesting permission to associate you with your public Google profile)
- View your email address
I don't want the user's Google+ related information. I am using the OAuth2 authentication method. For Authsub request authentication it requires only email address access. How can I get access to the user's email address alone?
If this scope is included while you generate the refresh token, you should be able to get the email address of the authenticating user by making the following request: https://www.googleapis.com/oauth2/v2/userinfo?access_token="YOUR_ACCESS_TOKEN". You can try this out in the API explorer.
What are sensitive API scopes? Sensitive scopes allow access to Google User Data. If an app uses sensitive scopes, it must comply with the Google API User Data Policy or product specific User Data policy and have its OAuth consent screen configuration verified by Google.
We solved the issue by updating our original scopes 'profile email' to https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile and by doing some minor changes to the code. When initiating the google_auth_oauthlib.
If you are using Google+ Sign-In, the https://www.googleapis.com/auth/plus.login
scope is automatically included, which would be why you were seeing that portion of the permission dialog.
If you do not need the enhanced features that come along with the Google+ Sign-In feature, then you'd probably want to do a standard OAuth flow. See the Google OAuth scenarios for a solution that might fit your needs where you can ask for only the email scope.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With