禁用 Google 同意屏幕上的复选框 [英] Disable checkboxes on Google consent screen

问题描述

我们正在使用 Gmail .NET SDK 实现 Gmail 发送 ASP .NET Web 应用程序.

为了做到这一点，我们需要以下所有范围email"、profile"、openid"、

我们已经看到很多示例，其中 Google 同意屏幕上没有启用的复选框.所以，我们很想弄清楚如何在我们的应用中隐藏/禁用复选框，你能提供建议吗?

可能是因为我们的申请还没有通过验证，但我不确定是不是这个原因.

解决方案

答案:

这些复选框是由于推出了新的细粒度帐户权限系统，它们完全正常，无法关闭.

更多信息:

经过一番挖掘，我发现了这篇 Google Developers 博文 从 2018 年开始讨论，在新的权限系统中，用户将能够单独授予或拒绝权限.

来自博文:

<块引用>

在接下来的几个月中，我们将开始对 API 基础架构进行改进.我们将在其自己的对话框中显示应用一次请求的每个权限，而不是在单个对话框中显示所有权限*.用户将能够单独授予或拒绝权限.

*我们不同的登录范围(个人资料、电子邮件和 openid 都组合在同一个同意书中，不需要单独请求.

这似乎仍处于推出阶段，尽管在撰写此答案时距宣布已过去 26 个月.

准备改变:

以下是 Google 提供的关于如何准备针对 OAuth 和 API 的 Google 帐户权限系统所做更改的指南:

• 查看 Google API 服务:用户数据政策并确保您关注他们.
• 在进行 API 调用之前，请检查用户是否已向您的应用授予权限.这将帮助您避免权限不足错误，这可能导致意外的应用程序错误和糟糕的用户体验.通过参考以下平台上的文档了解更多信息:
  • Android
  • 网站
  的文档
  • iOS 文档
• 仅在需要时才请求权限.您将能够在请求每个权限时进行暂存，我们建议在上下文中考虑这样做.当用户可能是第一次使用您的应用程序并且不熟悉应用程序的功能时，您应该避免在登录时要求多个范围.将多个范围的请求捆绑在一起会使用户难以理解您的应用为何需要该权限，并且可能会警告并阻止他们进一步使用您的应用.
• 在请求访问之前提供理由.清楚地说明您为什么需要访问权限、您将如何处理用户的数据以及他们将如何从提供访问权限中受益.我们的研究表明，这些解释可以提高用户的信任度和参与度.

您可以阅读上述链接的博客文章，了解有关更改的完整信息.

参考:

• Google 开发者博客:通过 Google 获得更精细的 Google 帐户权限OAuth 和 API
• Google API 服务用户数据政策 |Google 开发者
• GoogleSignIn |适用于 Android 的 Google API |Google 开发者
• Google 登录 JavaScript 客户端参考莉>
• 登录后请求其他范围 |适用于 iOS 的 Google 登录

We're implementing Gmail sending in out ASP .NET web application with Gmail .NET SDK.

In order to do this we need all following scopes "email", "profile", "openid", https://www.googleapis.com/auth/gmail.send" to be granted to us by user.

However, on the consent screen user can untick checkbox "Send email on your behalf" which is not acceptable for us, please see below:

We've seen quite a few examples where there are no enabled checkboxes on the Google consent screen. So, we're truiyng to figure out how to hide/disabled checkboxes in our app, could you please advise?

Probably, this is because of our application is still not verfified, but I'm not sure if this is the reason.

解决方案

Answer:

These checkboxes are due to the rolling out of a new granular account permission system, they are completely normal, and can not be turned off.

More Information:

After some digging, I discovered this Google Developers blog post from 2018 in which it is discussed that in the new permission system, users will have the ability to grant or deny permissions individually.

From the blog post:

Over the next few months, we'll start rolling out an improvement to our API infrastructure. We will show each permission that an app requests one at a time, within its own dialog, instead of presenting all permissions in a single dialog*. Users will have the ability to grant or deny permissions individually.

*our different login scopes (profile, email, and openid are all combined in the same consent and don't need to be requested separately.

It seems that this is still in the roll-out phase, even though at the time of writing this answer 26 months have passed since the announcement.

Preparing for the change:

The following are guidelines provided by Google as to how to prepare for the changes they are making to the Google Account permission system for OAuth and APIs:

• Review the Google API Services: User Data Policy and make sure you are following them.
• Before making an API call, check to see if the user has already granted permission to your app. This will help you avoid insufficient permission errors which could lead to unexpected app errors and a bad user experience. Learn more about this by referring to documentation on your platform below:
  • Documentation for Android
  • Documentation for the web
  • Documentation for iOS
• Request permissions only when you need them. You'll be able to stage when each permission is requested, and we recommend being thoughtful about doing this in context. You should avoid asking for multiple scopes at sign-in, when users may be using your app for the first time and are unfamiliar with the app's features. Bundling together a request for several scopes makes it hard for users to understand why your app needs the permission and may alarm and deter them from further use of your app.
• Provide justification before asking for access. Clearly explain why you need access, what you'll do with a user's data, and how they will benefit from providing access. Our research indicates that these explanations increase user trust and engagement.

You can read the aforelinked blog post for full information about the change.

References:

• Google Developers Blog: More granular Google Account permissions with Google OAuth and APIs
• Google API Services User Data Policy | Google Developers
• GoogleSignIn | Google APIs for Android | Google Developers
• Google Sign-In JavaScript client reference
• Requesting additional scopes after sign-in | Google Sign-In for iOS

这篇关于禁用 Google 同意屏幕上的复选框的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！