Is there a way to *only* get a user's email address with Google's OAuth2 implementation?

悲哀的现实 2020-12-31 10:47

I have a "Sign in with Google+" button on my page. When people click on it, I want the only thing they authorize to be "View your email address."

I

2 Answers
  • 2020-12-31 11:28

    Indeed, I've noticed that too. And I found an explanation from February 2013 here:

    This is an intentional change to more precisely communicate to users the set of permissions that is being granted. Through knowledge of the user's email address it is possible, via indirect means, to locate the user's profile address. In the interest of more accurate disclosure, thus, we are prompting users to approve such disclosure.

  • 2020-12-31 11:28

    Not exactly what you want, but combining profile and email will at least give one a less scary description for the first:

    This app would like to:

    • View basic information about your account
    • View your email address

    ...with the help for the first saying:

    More info

    View your name, public profile URL, and photo
    View your gender
    View your country, language, and timezone

    To me, this feels better than the vague "This app is requesting permission to associate you with your public Google profile" which one gets as the More Info for "Know who you are on Google+", when not explicitly using scope profile, or when using scope openid.

    As an aside: LinkedIn's OAuth 2 also always needs a user to grant access to Your Profile Overview, even if an application only needs some unique identifier. Other than with Google's explanation in Owen's answer, I assume LinkedIn really wants developers to use their network features.
