1

I realize that questions on scopes have been asked before, but it's been difficult to sort through much of the documentation and many of the solutions as Google appears to have made a number of recent changes to the way its OAuth works.

I'm simply trying to get a Google authentication to verify a user; basically just to remove anonymity and prove that they're human. So I would be happy with the most basic information available, but preferably something I can use to identify the person.

I'm using the following for the sign-in button:

<span id="signinButton">
  <span
    class="g-signin"
    data-callback="signinCallback"
    data-clientid="[CLIENT_ID]"
    data-cookiepolicy="single_host_origin"
    data-requestvisibleactions="http://schema.org/AddAction"
    data-scope="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/userinfo.email">Sign
  </span>
</span>

This works. However, the authorization window that pops up has this as the first access request: "Know your basic profile info and list of people in your circles." The "list of people" is what bothers me and I would like for it to not request that. But, from the examples I've seen, this is the minimum that's available. Is this at all possible? Is that "list" the minimum?

Halvor Holsten Strand
  • 19,829
  • 17
  • 83
  • 99
user903345
  • 370
  • 3
  • 10

1 Answers1

2

According to the scopes documentation. https://www.googleapis.com/auth/plus.login gives you access to "the list of circled people that the user has granted your app access to know". Change your scopes to be profile email and you will want to remove data-requestvisibleactions="http://schema.org/AddAction" as that is requires the https://www.googleapis.com/auth/plus.login scope.

This should work.

<span id="signinButton">
  <span
    class="g-signin"
    data-callback="signinCallback"
    data-clientid="[CLIENT_ID]"
    data-cookiepolicy="single_host_origin"
    data-scope="profile email">Sign
  </span>
</span>
abraham
  • 46,583
  • 10
  • 100
  • 152
  • Thanks! I had tried that scope value but didn't know about the requestvisibleactions attribute. I thought that was required as it's in Google's example. – user903345 Jul 24 '14 at 19:59
  • 1
    It's used to write app activity back to Google. https://developers.google.com/+/api/moment-types/ – abraham Jul 24 '14 at 21:17
  • This does not work for me, google still tells the user i want access to "list of people". I am using the sdk directly so that might be why – user1852503 Aug 04 '16 at 07:56