Google+ OAuth Scopes

Question

I realize that questions on scopes have been asked before, but it's been difficult to sort through much of the documentation and many of the solutions as Google appears to have made a number of recent changes to the way its OAuth works.

I'm simply trying to get a Google authentication to verify a user; basically just to remove anonymity and prove that they're human. So I would be happy with the most basic information available, but preferably something I can use to identify the person.

I'm using the following for the sign-in button:

<span id="signinButton">
  <span
    class="g-signin"
    data-callback="signinCallback"
    data-clientid="[CLIENT_ID]"
    data-cookiepolicy="single_host_origin"
    data-requestvisibleactions="http://schema.org/AddAction"
    data-scope="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/userinfo.email">Sign
  </span>
</span>

This works. However, the authorization window that pops up has this as the first access request: "Know your basic profile info and list of people in your circles." The "list of people" is what bothers me and I would like for it to not request that. But, from the examples I've seen, this is the minimum that's available. Is this at all possible? Is that "list" the minimum?

Answer 1

According to the scopes documentation. https://www.googleapis.com/auth/plus.login gives you access to "the list of circled people that the user has granted your app access to know". Change your scopes to be profile email and you will want to remove data-requestvisibleactions="http://schema.org/AddAction" as that is requires the https://www.googleapis.com/auth/plus.login scope.

This should work.

<span id="signinButton">
  <span
    class="g-signin"
    data-callback="signinCallback"
    data-clientid="[CLIENT_ID]"
    data-cookiepolicy="single_host_origin"
    data-scope="profile email">Sign
  </span>
</span>