4

I have asp.net indentity working fine. However when a user logs in, Google asks the user if it's OK to provide the following information:

- View your email address
- View basic information about your account

The problem is that I don't even want that information. I just want a unique way to identify the user (which it does provide). I don't want users thinking i'm going to spam them when they sign in.

In Startup.Auth.cs I use a very vanilla google setup:

app.UseGoogleAuthentication();

EDIT: SOLUTION

Brock's answer led me to the correct solution. Key thing was adding "openid" to the scope. 

    var googleOAuth2AuthenticationOptions = new GoogleOAuth2AuthenticationOptions
        {
            ClientId = "XXXX",
            ClientSecret = "YYYY",
            CallbackPath = new PathString("/Account/LoginCallback/"),
        };

    googleOAuth2AuthenticationOptions.Scope.Add("openid"); //!Important

    app.UseGoogleAuthentication(googleOAuth2AuthenticationOptions);
vidalsasoon
  • 4,365
  • 1
  • 32
  • 40
  • This works because on http://www.symbolsource.org/Public/Metadata/NuGet/Project/Microsoft.Owin.Security.Google/2.1.0-rc1/Release/.NETFramework,Version%3Dv4.5/Microsoft.Owin.Security.Google/Microsoft.Owin.Security.Google/GoogleOAuth2AuthenticationHandler.cs?ImageName=Microsoft.Owin.Security.Google the default scope is scope = "openid profile email"; – Aaron Sherman May 07 '14 at 20:59
  • Great, googleOAuth2AuthenticationOptions.Scope.Add("openid") works. And if you want only email permission. use ("openid email") – Yaron Levi Jul 25 '14 at 11:04

1 Answers1

3

In the Katana v2 middleware the Google support was only Open ID and it was hard coded to request email.

In v2.1 they now have OAuth2 support, which means the GoogleAuthenticationOptions has a scopes property which allows you to control what you're asking from google. But this means you need to setup your client app like any other OAuth2 provider (so you need to register and get a client id/secret).

Brock Allen
  • 7,385
  • 19
  • 24