From: Neil McGovern <neil@gnome.org>
Date: Thu, 31 Jan 2019 14:24:19 +0100
Subject: google: Only request the email field when getting the user's
identity
Currently, a lot of personal information was being received, including
gender and profile picture. The email is the only thing that's really
used, for the account's identity and presentation identity, and the rest
was being simply thrown away. Therefore, avoid receiving them in the
first place.
Verified via the Google APIs Explorer and the Google OAuth 2.0
Playground:
https://developers.google.com/apis-explorer/#p/oauth2/v2/oauth2.userinfo.get
https://developers.google.com/oauthplayground/
https://gitlab.gnome.org/GNOME/gnome-online-accounts/merge_requests/19
---
src/goabackend/goagoogleprovider.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/goabackend/goagoogleprovider.c b/src/goabackend/goagoogleprovider.c
index cc9a8f8..9e331c1 100644
--- a/src/goabackend/goagoogleprovider.c
+++ b/src/goabackend/goagoogleprovider.c
@@ -172,6 +172,7 @@ get_identity_sync (GoaOAuth2Provider *oauth2_provider,
call = rest_proxy_new_call (proxy);
rest_proxy_call_set_method (call, "GET");
rest_proxy_call_add_param (call, "access_token", access_token);
+ rest_proxy_call_add_param (call, "fields", "email");
if (!rest_proxy_call_sync (call, error))
goto out;
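Review bot: The new "fields" = "email" parameter in get_identity_sync only filters what the userinfo response contains, and since it is the sole insertion in this patch, the scopes granted to the access token are unchanged, so the same token can still be used to fetch the profile data. It is worth checking as a follow-up whether the requested scopes can be narrowed as well. Please also confirm that the parsing code after rest_proxy_call_sync reads no member other than "email", because any other lookup would now come back empty, and add a one-line comment above the new call explaining that the response is filtered on purpose.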