Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

limit oauth scope for Google+ #4087

Closed
chadwhitacre opened this issue Jul 18, 2016 · 1 comment
Closed

limit oauth scope for Google+ #4087

chadwhitacre opened this issue Jul 18, 2016 · 1 comment

Comments

@chadwhitacre
Copy link
Contributor

Reticketed from @sampablokuper in #4085:

Gratipay would like to:

  • Know who you are on Google. (This app is requesting permission to associate you with your public Google profile.)
  • Know the list of people in your circles, your age range, and language. (View the list of people you've connected to on Google+. View your age range, and language.)
  • View your email address. (View the email address associated with your account.)

By clicking Allow, you allow this app and Google to use your information in accordance with their respective terms of service and privacy policies. You can change this and other Account Permissions at any time.

[Deny] [Allow]

OK, I certainly don't see any reason why Gratipay should know whether I have any people in my "circles" nor, if so, who they are. Likewise my age range. Likewise whatever language settings I might use for Google (after all, what if I want to use Google in one language, and Gratipay in another?). I'm a bit unclear about what a "public Google profile" is, but I don't really see any need for Gratipay to access it, regardless, at least for account creation. Unfortunately, there is no option to uncheck any of these permissions, so the only option here is to click "Deny".

@chadwhitacre
Copy link
Contributor Author

More from #4085 (comment) ...


@Nashe:

I don't know if we can reduce the scope, but a least it seems that the user can choose what to expose ;-)


@sampablokuper:

On the Google+ authorization page, I was able to uncheck all the Circles of the list. [It] seems that the user can choose what to expose

I don't use Google+, but using the "Google" option from the Gratipay "sign in" drop down menu, the behaviour is exactly as I described above. I am not presented with a mechanism to choose which items to grant Gratipay access to.

Maybe Google+ users are shown a different page, with different options?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant