django social auth limiting user data

StackOverflow https://stackoverflow.com/questions/18674352

  •  28-06-2022
  •  | 
  •  

Question

I have configured django social auth's to take from google only e-mail, but google shows this screen alerting app user that gender, date of birth, picture, language will be collect:

enter image description here

My django-social-auth config is as follow:

WHITE_LISTED_DOMAINS = [ 'some_domain', ]
GOOGLE_WHITE_LISTED_DOMAINS = WHITE_LISTED_DOMAINS
SOCIAL_AUTH_EXTRA_DATA = False    
#LOGIN_ERROR_URL    = '/login-error/' Not set
#SOCIAL_AUTH_DEFAULT_USERNAME = 'new_social_auth_user' Not set
#GOOGLE_CONSUMER_KEY          = '' Not set
#GOOGLE_CONSUMER_SECRET       = '' Not set
#GOOGLE_OAUTH2_CLIENT_ID      = '' Not set
#GOOGLE_OAUTH2_CLIENT_SECRET  = '' Not set
SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = False
SOCIAL_AUTH_PROTECTED_USER_FIELDS = ['email',]

INSTALLED_APPS = (
    'django.contrib.auth',
     ...
    'social_auth',
)

How can I do to avoid this google message?

EDITED

I have move to GoogleOauth2 auth and inherit and change google backend:

from social_auth.backends.google import *

GOOGLE_OAUTH2_SCOPE = ['https://www.googleapis.com/auth/userinfo.email',]

class GoogleOAuth2(BaseOAuth2):
    """Google OAuth2 support"""
    AUTH_BACKEND = GoogleOAuth2Backend
    AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/auth'
    ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
    REVOKE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/revoke'
    REVOKE_TOKEN_METHOD = 'GET'
    SETTINGS_SECRET_NAME = 'GOOGLE_OAUTH2_CLIENT_SECRET'
    SCOPE_VAR_NAME = 'GOOGLE_OAUTH_EXTRA_SCOPE'
    DEFAULT_SCOPE = GOOGLE_OAUTH2_SCOPE
    REDIRECT_STATE = False

    print DEFAULT_SCOPE  #<------ to be sure

    def user_data(self, access_token, *args, **kwargs):
        """Return user data from Google API"""
        return googleapis_profile(GOOGLEAPIS_PROFILE, access_token)

    @classmethod
    def revoke_token_params(cls, token, uid):
        return {'token': token}

    @classmethod
    def revoke_token_headers(cls, token, uid):
        return {'Content-type': 'application/json'}

But google still ask for profile data, profile is still in scope:

https://accounts.google.com/o/oauth2/auth?response_type=code&scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&redirect_uri=...

Runs fine if I modify by hand social-auth code instead inherit:

def get_scope(self):
    return ['https://www.googleapis.com/auth/userinfo.email',]

What is wrong with my code?

Was it helpful?

Solution

That's because the default scope used on google backend is set to that (email and profile information), it's defined here. In order to avoid that you can create your own google backend which just sets the desired scope, then use that backend instead of the built in one. Example:

from social_auth.backends.google import GoogleOAuth2

class SimplerGoogleOAuth2(GoogleOAuth2):
    DEFAULT_SCOPE = ['https://www.googleapis.com/auth/userinfo.email']

OTHER TIPS

Those who don't know how to add in AUTHENTICATION_BACKENDS, if using the way Omab suggested you need to add newly defined backend in your setting.py file:

AUTHENTICATION_BACKENDS = (
    'app_name.file_name.class_name',  #ex: google_auth.views.SimplerGoogleOAuth2
    # 'social_core.backends.google.GoogleOAuth2', # comment this as no longer used
    'django.contrib.auth.backends.ModelBackend',
)

To know how to create the class SimplerGoogleOAuth2 check Omab's answer.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top