4

I've built an app for Glass and I've noticed that Google accounts without the actual Glass device (I personally know those users) are perfectly able to complete the OAuth2 process including the Glass scopes (https://www.googleapis.com/auth/glass.timeline and https://www.googleapis.com/auth/glass.location)

It seems unexpected and somehow problematic as those are users who might be consuming resources of the app, may expect some functionality our if it, but they can't get any services in return.

mimming
  • 13,974
  • 3
  • 45
  • 74
zugaldia
  • 702
  • 3
  • 8
  • Er, so what would you expect? Would you expect Google to implement some broken-by-principle way for glasses to authenticate themselves to Google? Also, why is it a problem for you to give the same access to glas users and non-glass-users? – thejh Jun 12 '13 at 22:23
  • Well, I was expecting some kind of oauth2 error code in return. Otherwise, for example, I'd send the user a timeline card and notify them they should expect it shortly when they don't even have a device to begin with. Also, if the user eventually obtains the device, will they receive all the messages in the pipeline? – zugaldia Jun 12 '13 at 22:38

2 Answers2

3

All users have a timeline. By requesting those scopes, you're asking for access to that abstract data.

If that activates a Glass device, their timeline is synchronized to that device.

I understand why you may want to distinguish between users who have one, many, or zero active Glass devices. You may want to request that this be added to the API by filing an enhancement request.

mimming
  • 13,974
  • 3
  • 45
  • 74
0

Also see "How to find out if a user actually has Glass" for a similar question, along with a proposed answer to use double opt-in as a way to mitigate the resource issue.

Community
  • 1
  • 1
Prisoner
  • 49,922
  • 7
  • 53
  • 105