Google Sign In - Asking for fewer Permissions

Question

I'm using the Google+ Sign In button on my website so that users don't need to create a user account. I'm not interested in any of the social aspects of the Google+ button (for now).

I want the user to be presented with something like this:

But instead they're presented with something like this:

Which I feel will bounce some potential new users. How do I preset the user with the top screenshot?

I'm setting the sign-in button attribute to: data-scope="https://www.googleapis.com/auth/userinfo.email" or ...plus.me but it seems that plus.info is getting included regardless. Which means my users are asked for all the extra permissions.

I've read this post: Sign in with google, but not google+ but...

This Google page and this Google page recommend the Google+ Sign In button over other sign in methods. And since one day I might want to use the social features, that makes sense to me.

So, am I doing something dumb? Is there a way to use the Google+ Sign In button without asking for all the permissions in the second screenshot?

Answer 1

The permissions that are listed in the consent dialog are tied to the scopes that you request. The difference in your example is the difference between plus.me and plus.login. If you are using a traditional OAuth 2.0 login flow, you can simply switch the scope you are using to reflect the fact that you are not requesting additional user data. However, if you are using the Google+ Sign-In button, the plus.login scope is automatically included, as it is the scope that enables the extra features that come with Google+ Sign-in.

Learn more about scopes at https://developers.google.com/+/api/oauth#scopes. And, if you do not wish to use the additional features of Google+ Sign-In, you can learn more about the OAuth 2.0 flows at https://developers.google.com/accounts/docs/OAuth2.

Answer 2

When you use Google Sign in, you can pass in scopes. The example app that comes with the google sign in flutter example includes requesting access to Contacts. So to remove that, you just have to remove the scope from the scopes parameter. You might have to restart or reinstall your app for the effect to take change.

For a list of the available scopes, see this: https://developers.google.com/identity/protocols/oauth2/scopes

GoogleSignIn _googleSignIn = GoogleSignIn(
  scopes: <String>[
  //  'email', -> remove this
  //  'https://www.googleapis.com/auth/contacts.readonly', -> remove this
  ],
);