是否可以通过Google的OAuth2实现“仅"获取用户的电子邮件地址?
我的页面上有一个使用Google+登录"按钮.当人们点击它时,我希望他们授权的 only 只是查看您的电子邮件地址".
I have a "Sign in with Google+" button on my page. When people click on it, I want the only thing they authorize to be "View your email address."
我不想要知道您在Google上的身份"或查看有关您帐户的基本信息".我只只想要他们的电子邮件地址.
I don't want "Know who you are on Google" or "View basic information about your account." I only want their email address.
我正在OAuth 2.0游乐场( https://developers.google.com/oauthplayground/)和看到这个:
I'm playing on the OAuth 2.0 Playground (https://developers.google.com/oauthplayground/) and see this:
范围:email
请求:
- 了解您在Google上的身份
- 查看您的电子邮件地址
作用域:https://www.googleapis.com/auth/userinfo.email(不推荐使用)
Scope: https://www.googleapis.com/auth/userinfo.email (and this one is deprecated)
请求:
- 了解您在Google上的身份
- 查看您的电子邮件地址
确实,我也注意到了这一点.我发现 2013年2月以来的解释:
Indeed, I've noticed that too. And I found an explanation from February 2013 here:
这是一个有意的更改,用于更精确地向用户传达所授予的权限集.通过了解用户的电子邮件地址,可以通过间接方式找到用户的个人资料地址.因此,为了更准确地进行披露,我们正在提示用户批准此类披露.
This is an intentional change to more precisely communicate to users the set of permissions that is being granted. Through knowledge of the user's email address it is possible, via indirect means, to locate the user's profile address. In the interest of more accurate disclosure, thus, we are prompting users to approve such disclosure.