I'm successfully using Laravel 5's socialite feature, but I feel that it's asking for more permissions than makes sense for the end user when they sign up. For instance, Google tells my users that I need:
Know your basic profile info and list of people in your circles. Includes people in circles that are not public on your profile.
and
Allow Google to let the people in these circles know that you have signed in to this app with Google: Your circles
All I need is the user's name and email address. How can I reduce the scope so that users don't have to worry about me posting things on their behalf?
Laravel's docs list this:
http://laravel.com/docs/5.0/authentication#social-authentication
return Socialize::with('github')->scopes(['scope1', 'scope2'])->redirect();
But there's no documentation on what scopes I can use, or if I can remove default scopes. Any ideas?
It turns out that these extra permission requests only showed up while the API was disabled in my Google Dev console. It doesn't make sense as to why the scope request would change, but the request wont work anyway without the API being enabled. Enabling the Google Plus API simply changed all of the permissions to just 'offline access'. Looks much cleaner and better for the end user.