How to limit Google OpenID info sharing?
21 views
Skip to first unread message
Greg Barker
Apr 22, 2014, 9:57:05 PM4/22/14
to django-so...@googlegroups.com
By default, it appears to request both name & email. So Google gives you the prompt:
mycoolsite.com would like to:
View your email address
View basic information about your account
How do I make it so it only requires "View your email address"? I don't need the "View basic information about your account" in there.
Thanks!
mycoolsite.com would like to:
View your email address
View basic information about your account
How do I make it so it only requires "View your email address"? I don't need the "View basic information about your account" in there.
Thanks!
Matías Aguirre
Apr 23, 2014, 1:32:57 AM4/23/14
to Greg Barker, django-social-auth
There's no way to override that in django-social-auth, still, basic information
is needed by the application to create a valid user account.
Excerpts from Greg Barker's message of 2014-04-22 22:57:05 -0300:
--
Matías Aguirre (matias...@gmail.com)
is needed by the application to create a valid user account.
Excerpts from Greg Barker's message of 2014-04-22 22:57:05 -0300:
Matías Aguirre (matias...@gmail.com)
Greg Barker
Apr 23, 2014, 2:23:40 PM4/23/14
to django-so...@googlegroups.com, Greg Barker
Thanks for the quick reply!
How come basic info is needed to create a valid user account? I've been using a hacked up version of django-openid-auth which only requests "View your email address", and it can create Django users without a problem.
How come basic info is needed to create a valid user account? I've been using a hacked up version of django-openid-auth which only requests "View your email address", and it can create Django users without a problem.
Greg Barker
Apr 23, 2014, 2:27:13 PM4/23/14
to django-so...@googlegroups.com, Greg Barker
Oops, just realized I'm in django-social-auth and not python-social-auth. Is this also not possible to do in python-social-auth?
Matías Aguirre
Apr 23, 2014, 2:34:18 PM4/23/14
to Greg Barker, django-social-auth
Well, you are right, it's not really mandatory to request those values in order
to create a user, django-social-auth uses those values to fill the basic
information like first and last name, but it will default to sane values if
they are missing. Still, it's not possible to override the value in
django-social-auth as it is (and it won't be changed since the app is
deprecated).
Instead, you can create your own Google OpenId backend (extending from the one
built-in in the app) and override the method setup_request and avoid axschema
values that trigger the extra permissions message. The default behavior is here
[1] and this is the class you need to extend [2].
[1]: https://github.com/omab/django-social-auth/blob/303f0c91cbd95766cfb48be0873cefcdf756e9e0/social_auth/backends/__init__.py#L501-L537
[2]: https://github.com/omab/django-social-auth/blob/303f0c91cbd95766cfb48be0873cefcdf756e9e0/social_auth/backends/google.py#L111-L117
Hope this helps,
Matías
Excerpts from Greg Barker's message of 2014-04-23 15:23:40 -0300:
> >
>
--
Matías Aguirre (matias...@gmail.com)
to create a user, django-social-auth uses those values to fill the basic
information like first and last name, but it will default to sane values if
they are missing. Still, it's not possible to override the value in
django-social-auth as it is (and it won't be changed since the app is
deprecated).
Instead, you can create your own Google OpenId backend (extending from the one
built-in in the app) and override the method setup_request and avoid axschema
values that trigger the extra permissions message. The default behavior is here
[1] and this is the class you need to extend [2].
[1]: https://github.com/omab/django-social-auth/blob/303f0c91cbd95766cfb48be0873cefcdf756e9e0/social_auth/backends/__init__.py#L501-L537
[2]: https://github.com/omab/django-social-auth/blob/303f0c91cbd95766cfb48be0873cefcdf756e9e0/social_auth/backends/google.py#L111-L117
Hope this helps,
Matías
Excerpts from Greg Barker's message of 2014-04-23 15:23:40 -0300:
> Thanks for the quick reply!
>
> How come basic info is needed to create a valid user account? I've been
> using a hacked up version of django-openid-auth<https://pypi.python.org/pypi/django-openid-auth/>which only requests "View your email address", and it can create Django
>
> How come basic info is needed to create a valid user account? I've been
> users without a problem.
>
> On Tuesday, April 22, 2014 10:32:57 PM UTC-7, Matías Aguirre wrote:
> >
> > There's no way to override that in django-social-auth, still, basic
> > information
> > is needed by the application to create a valid user account.
> >
> > Excerpts from Greg Barker's message of 2014-04-22 22:57:05 -0300:
> > > By default, it appears to request both name & email. So Google gives you
> > > the prompt:
> > >
> > > mycoolsite.com would like to:
> > > View your email address
> > > View basic information about your account
> > >
> > >
> > > How do I make it so it only requires "View your email address"? I don't
> > > need the "View basic information about your account" in there.
> > >
> > > Thanks!
> > >
> >
> > --
> > Matías Aguirre (matias...@gmail.com <javascript:>)
>
> On Tuesday, April 22, 2014 10:32:57 PM UTC-7, Matías Aguirre wrote:
> >
> > There's no way to override that in django-social-auth, still, basic
> > information
> > is needed by the application to create a valid user account.
> >
> > Excerpts from Greg Barker's message of 2014-04-22 22:57:05 -0300:
> > > By default, it appears to request both name & email. So Google gives you
> > > the prompt:
> > >
> > > mycoolsite.com would like to:
> > > View your email address
> > > View basic information about your account
> > >
> > >
> > > How do I make it so it only requires "View your email address"? I don't
> > > need the "View basic information about your account" in there.
> > >
> > > Thanks!
> > >
> >
> > --
> >
>
--
Matías Aguirre (matias...@gmail.com)
Matías Aguirre
Apr 23, 2014, 2:35:53 PM4/23/14
to Greg Barker, django-social-auth
Ja, easy mistake. This still applies to python-social-auth, but the app is not
deprecated and it can be improved to support that override you need.
Excerpts from Greg Barker's message of 2014-04-23 15:27:13 -0300:
Matías Aguirre (matias...@gmail.com)
deprecated and it can be improved to support that override you need.
Excerpts from Greg Barker's message of 2014-04-23 15:27:13 -0300:
> Oops, just realized I'm in django-social-auth and not python-social-auth.
> Is this also not possible to do in python-social-auth?
>
> On Wednesday, April 23, 2014 11:23:40 AM UTC-7, Greg Barker wrote:
> >
> > Thanks for the quick reply!
> >
> > How come basic info is needed to create a valid user account? I've been
> > using a hacked up version of django-openid-auth<https://pypi.python.org/pypi/django-openid-auth/>which only requests "View your email address", and it can create Django
> Is this also not possible to do in python-social-auth?
>
> On Wednesday, April 23, 2014 11:23:40 AM UTC-7, Greg Barker wrote:
> >
> > Thanks for the quick reply!
> >
> > How come basic info is needed to create a valid user account? I've been
> > users without a problem.
> >
> > On Tuesday, April 22, 2014 10:32:57 PM UTC-7, Matías Aguirre wrote:
> >>
> >> There's no way to override that in django-social-auth, still, basic
> >> information
> >> is needed by the application to create a valid user account.
> >>
> >> Excerpts from Greg Barker's message of 2014-04-22 22:57:05 -0300:
> >> > By default, it appears to request both name & email. So Google gives
> >> you
> >> > the prompt:
> >> >
> >> > mycoolsite.com would like to:
> >> > View your email address
> >> > View basic information about your account
> >> >
> >> >
> >> > How do I make it so it only requires "View your email address"? I don't
> >> > need the "View basic information about your account" in there.
> >> >
> >> > Thanks!
> >> >
> >>
> >> --
> >> Matías Aguirre (matias...@gmail.com)
> >>
> >
>
--
> >
> > On Tuesday, April 22, 2014 10:32:57 PM UTC-7, Matías Aguirre wrote:
> >>
> >> There's no way to override that in django-social-auth, still, basic
> >> information
> >> is needed by the application to create a valid user account.
> >>
> >> Excerpts from Greg Barker's message of 2014-04-22 22:57:05 -0300:
> >> > By default, it appears to request both name & email. So Google gives
> >> you
> >> > the prompt:
> >> >
> >> > mycoolsite.com would like to:
> >> > View your email address
> >> > View basic information about your account
> >> >
> >> >
> >> > How do I make it so it only requires "View your email address"? I don't
> >> > need the "View basic information about your account" in there.
> >> >
> >> > Thanks!
> >> >
> >>
> >> --
> >> Matías Aguirre (matias...@gmail.com)
> >>
> >
>
Matías Aguirre (matias...@gmail.com)
Reply all
Reply to author
Forward
0 new messages