Databases
StackOverflow2013
Postsdbo
PODoes Google's UserInfo API offer any guarantees?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PODoes Google's UserInfo API offer any guarantees?
    text
    copied!<p>We implemented Google OAuth for our website a few months ago. So far two users (of ~100) have had incomplete userinfo profiles. We make a call to '<a href="https://www.googleapis.com/oauth2/v1/userinfo" rel="nofollow">https://www.googleapis.com/oauth2/v1/userinfo</a>?', with a valid token and the response json contains only, [locale, verified_email, email, id].</p> <p>The docs (<a href="https://developers.google.com/accounts/docs/OAuth2Login#userinfocall" rel="nofollow">https://developers.google.com/accounts/docs/OAuth2Login#userinfocall</a>) are not explicit, but the way I interpret them,</p> <p>The response should ALWAYS include: [id, email, verified_email, name, given_name, family_name, timezone, gender] and SOMETIMES include: [picture, locale]</p> <p>Does anyone know what kind of guarantee comes with the UserInfo API? Should I reject incomplete profiles as invalid? Is there any other explanation for why the profile would be incomplete?</p> <p><strong>UPDATE 3/6/14</strong><br> I was able to replicate the problem. We send the user off to google requesting, two scopes: </p> <p><a href="https://www.googleapis.com/auth/userinfo.profile" rel="nofollow">https://www.googleapis.com/auth/userinfo.profile</a><br> and<br> <a href="https://www.googleapis.com/auth/userinfo.email" rel="nofollow">https://www.googleapis.com/auth/userinfo.email</a> </p> <p>So far as I can tell google does not allow users to cherry pick which scopes they allow. It's all or nothing. However, I was able to remove the userinfo.profile scope from the URL and reload the page. This caused me to be send back with a valid token, but not the correct scope. I'll need to hit the tokeninfo endpoint and make sure the correct scope has been authorized.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload