0
votes

I have configured django-social-auth to take only the e-mail from Google, but Google shows this screen alerting the app user that gender, date of birth, picture and language will be collected:

My django-social-auth config is as follows:

WHITE_LISTED_DOMAINS = [ 'some_domain', ]
GOOGLE_WHITE_LISTED_DOMAINS = WHITE_LISTED_DOMAINS
SOCIAL_AUTH_EXTRA_DATA = False    
#LOGIN_ERROR_URL    = '/login-error/' Not set
#SOCIAL_AUTH_DEFAULT_USERNAME = 'new_social_auth_user' Not set
#GOOGLE_CONSUMER_KEY          = '' Not set
#GOOGLE_CONSUMER_SECRET       = '' Not set
#GOOGLE_OAUTH2_CLIENT_ID      = '' Not set
#GOOGLE_OAUTH2_CLIENT_SECRET  = '' Not set
SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = False
SOCIAL_AUTH_PROTECTED_USER_FIELDS = ['email',]

INSTALLED_APPS = (
    'django.contrib.auth',
     ...
    'social_auth',
)

What can I do to avoid this Google message?

EDITED

I have moved to GoogleOauth2 auth, and inherited and changed the Google backend:

from social_auth.backends.google import *

GOOGLE_OAUTH2_SCOPE = ['https://www.googleapis.com/auth/userinfo.email',]

class GoogleOAuth2(BaseOAuth2):
    """Google OAuth2 support"""
    AUTH_BACKEND = GoogleOAuth2Backend
    AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/auth'
    ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
    REVOKE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/revoke'
    REVOKE_TOKEN_METHOD = 'GET'
    SETTINGS_SECRET_NAME = 'GOOGLE_OAUTH2_CLIENT_SECRET'
    SCOPE_VAR_NAME = 'GOOGLE_OAUTH_EXTRA_SCOPE'
    DEFAULT_SCOPE = GOOGLE_OAUTH2_SCOPE
    REDIRECT_STATE = False

    print DEFAULT_SCOPE  #<------ to be sure

    def user_data(self, access_token, *args, **kwargs):
        """Return user data from Google API"""
        return googleapis_profile(GOOGLEAPIS_PROFILE, access_token)

    @classmethod
    def revoke_token_params(cls, token, uid):
        return {'token': token}

    @classmethod
    def revoke_token_headers(cls, token, uid):
        return {'Content-type': 'application/json'}

But Google still asks for profile data; profile is still in scope:

https://accounts.google.com/o/oauth2/auth?response_type=code&scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&redirect_uri=...

It runs fine if I modify the social-auth code by hand instead of inheriting:

def get_scope(self):
    return ['https://www.googleapis.com/auth/userinfo.email',]

What is wrong with my code?

2
Have you defined the new backend in AUTHENTICATION_BACKENDS? - omab
Yes, and the print DEFAULT_SCOPE output is the new scope, but ... I have another print in your django-auth code and that print's output includes userinfo.profile. - dani herrera
What happens if you override get_scope() on the new class? Also remove the other backend from that same setting. - omab
I also tried that, unsuccessfully. But from now on, this is a development issue. Thanks for pointing me to the exact social auth module to overwrite. I am marking your answer as the solution and I will test for a final approach; in the meantime, if you find a solution, please post it. Thanks for your work and for sharing this valuable piece of code. - dani herrera

2 Answers

1
votes

That's because the default scope used on the Google backend is set to that (email and profile information); it's defined here. To avoid that, you can create your own Google backend which just sets the desired scope, then use that backend instead of the built-in one. Example:

from social_auth.backends.google import GoogleOAuth2

class SimplerGoogleOAuth2(GoogleOAuth2):
    DEFAULT_SCOPE = ['https://www.googleapis.com/auth/userinfo.email']
1
votes

For those who don't know how to add it to AUTHENTICATION_BACKENDS: if you are using the way Omab suggested, you need to add the newly defined backend in your settings.py file:

AUTHENTICATION_BACKENDS = (
    'app_name.file_name.class_name',  #ex: google_auth.views.SimplerGoogleOAuth2
    # 'social_core.backends.google.GoogleOAuth2', # comment this as no longer used
    'django.contrib.auth.backends.ModelBackend',
)

To know how to create the class SimplerGoogleOAuth2 check Omab's answer.
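
One way to confirm that the replacement backend really narrowed the consent request, as an added example that is not part of the original answers or of django-social-auth: parse the authorization URL the backend redirects to and report any scope outside an allow-list. The names `requested_scopes` and `excess_scopes`, the allow-list, and the sample URLs (including the `app.example` redirect URI) are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Least-privilege allow-list: the only scope this app is meant to request.
ALLOWED_SCOPES = {"https://www.googleapis.com/auth/userinfo.email"}


def requested_scopes(auth_url):
    """Return the set of OAuth2 scopes requested by an authorization URL."""
    query = urlsplit(auth_url).query
    # parse_qs decodes both '+' and '%20' to a space, the OAuth2 scope delimiter.
    scopes = set()
    for value in parse_qs(query).get("scope", []):
        scopes.update(value.split())
    return scopes


def excess_scopes(auth_url, allowed=ALLOWED_SCOPES):
    """Return the scopes in the URL that are not in the allow-list, sorted."""
    return sorted(requested_scopes(auth_url) - set(allowed))


# Constructed sample URLs in the shape shown in the question; the
# redirect_uri value is a placeholder.
BEFORE = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&scope=https://www.googleapis.com/auth/userinfo.email"
    "+https://www.googleapis.com/auth/userinfo.profile"
    "&redirect_uri=https://app.example/complete/"
)
AFTER = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email"
    "&redirect_uri=https://app.example/complete/"
)

if __name__ == "__main__":
    for label, url in (("default backend", BEFORE), ("custom backend", AFTER)):
        extra = excess_scopes(url)
        print(label, "OK" if not extra else "over-scoped: %s" % extra)
```

Run against the redirect URL captured from the login view, this makes a regression to the wider default scope visible before users see the consent screen.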