`GIDSignIn.sharedInstance.signIn(...)` is requesting more scopes than it should on version 7.1.0
Describe the bug
I was updating Google Sign-In in our app from version 6.0.2 to version 7.1.0 and I noticed that even though we're not requesting any additional scopes, GIDSignIn.sharedInstance.signIn(...) is presenting a page after login asking the user to give additional permissions before completing the Sign-In flow.
This wasn't happening previously when we were using version 6.0.2.
To Reproduce
Steps to reproduce the behavior:
- Use this call to initiate the Sign-In flow:
```swift
GIDSignIn.sharedInstance.signOut()
GIDSignIn.sharedInstance.configuration = GIDConfiguration(clientID: "...our client ID")
GIDSignIn.sharedInstance.signIn(
    withPresenting: presentingViewController,
    completion: { [weak self] result, error in
        // ... complete login
    }
)
```
- Run the app on the simulator or a device.
- Initiate the Sign-in flow.
Expected behavior
No additional scopes should be requested after completing Sign-In with Google.
Screenshots
| Version 7.1.0 |
|---|
Environment
- Device: Tested on the iPhone 15 Simulator (iOS 17.0) and an iPhone 11 Pro (iOS 17.4.1)
- OS: iOS 17
I wonder if this is related to this extra parameter: include_granted_scopes=true https://github.com/google/GoogleSignIn-iOS/pull/70
I managed to rebuild the framework without include_granted_scopes=true and confirm that this change in behaviour is because of that flag. Would it be ok to make that configurable?
This isn't how our Sign-in with Google flow behaves on the web and our Android app; we'd prefer to keep that consistent and only request the email and profile scopes.
Hey @fabio914. Thanks for the issue. It's been this way for quite some time - this commit https://github.com/google/GoogleSignIn-iOS/pull/70/commits/1f87abd217864c292224df362cd998dd9b582c73 was included in GSI 6.1.0, released in December 2021.
We will take this as a feature request and will consider it for the future.
We ran into the same issue. There is no way for us to temporarily add scopes for a one-off operation, without having to ask the user to reconfirm those scopes every time they log in. Please allow for the option not to request all previously granted scopes as we may not need them at login.
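
The `include_granted_scopes=true` parameter discussed in this thread can be checked for on a captured authorization request URL. The following is an added example, not code from any commenter or from the GoogleSignIn-iOS project; the function name `audit_authorization_url`, the baseline scope set and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed baseline: the basic sign-in scopes the thread wants to stay within.
BASELINE = {"openid", "email", "profile"}
# Google accepts these full-URL forms as equivalents of the short names.
ALIASES = {
    "https://www.googleapis.com/auth/userinfo.email": "email",
    "https://www.googleapis.com/auth/userinfo.profile": "profile",
}

def audit_authorization_url(url, baseline=BASELINE):
    """Audit one OAuth 2.0 authorization request URL for scope creep."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    requested = set()
    for value in query.get("scope", []):
        # 'scope' is space-delimited; parse_qs has already decoded %20 and '+'.
        requested.update(ALIASES.get(s, s) for s in value.split())
    flag = any(v.strip().lower() == "true"
               for v in query.get("include_granted_scopes", []))
    extra = sorted(requested - baseline)
    findings = []
    if extra:
        findings.append("scopes beyond baseline: " + ", ".join(extra))
    if flag:
        findings.append("include_granted_scopes=true: the issued token also "
                        "covers scopes the user granted to this client earlier")
    return {"requested": sorted(requested), "extra": extra,
            "include_granted_scopes": flag, "findings": findings}

# Constructed sample requests (client_id is a placeholder).
AUTH = "https://accounts.google.com/o/oauth2/v2/auth?client_id=PLACEHOLDER&response_type=code"
SAMPLES = {
    "baseline+flag": AUTH + "&scope=openid%20email%20profile&include_granted_scopes=true",
    "extra-scope": AUTH + "&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly",
    "alias-form": AUTH + "&scope=openid%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        report = audit_authorization_url(url)
        print(name, report["findings"] or "ok")
```

The first sample shows the case from this thread: the `scope` parameter itself stays within the baseline, yet the flag alone is reported because it widens what the resulting token covers.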