Fine-grained Google OAuth Scope
Being a privacy paranoid, this is something I can't seem to find via Google OAuth2 document - can I only request the email address and user identifer?
I recall there is a time where I can get both email address and user identifer just by using
Now it seems without userinfo.profile, google only return user email address. I don't need anything other than user identifer from the profile scope though... To me it's a waste and requesting profile permission (access to birthday/location) may trigger unnecessary privacy concerns (well, to me anyway.)
Does requesting Google user identifer = getting userinfo.profile permission?
Actually you may request only the user_ID
The currently supported way is to add scope https//www.googleapis. com/auth/plus.me
In the future we will also support 'openid' for that purpose but that will also cause the server to return OpenIDConnect compliant responses and since that standard is still not finalized using it now exposes you to backwards incompatible API changes.
Yes, you'll need the userinfo.profile scope to get anything more than an email address, confirmation that the address is verified and hd on Google Apps user accounts (hd attribute let's you know it's a Google Apps account, not consumer). Those 3 attributes are all that's returned by userinfo.email.