Diego81 / omnicontacts

A generalized Rack middleware for importing contacts from major email providers.
477 stars 231 forks source link

Ask only readonly permission for Gmail contacts #137

Closed rewritten closed 9 years ago

rewritten commented 9 years ago

No write access is needed.

See https://developers.google.com/google-apps/contacts/v3/#authorizing_requests_with_oauth_20

Solves #136 and #12

rewritten commented 9 years ago

Any love? This is useful because with the current scope, the user gets asked for "manage contacts" permission (instead of "read contacts"), and the purpose of the library is to import only. This scares away users, defeating the purpose of importing contacts...

Burkazoid commented 9 years ago

+1 from me. I personally ended up just passing this through the parameters, but thank you for the code:

importer :gmail, app_id, app_secret, { redirect_path: "/contacts/gmail", scope: "https://www.googleapis.com/auth/contacts.readonly https://www.googleapis.com/auth/userinfo#email https://www.googleapis.com/auth/userinfo.profile" }
rewritten commented 9 years ago

I have this overridden in the initializer, but I understand that it rarely has sense to ask for write permission in this context, so the PR.