Google OAuth API to get user's email address?

Question

I am playing with Google\'s OAuth 2.0 Playground using my own personal Google account, but I cannot seem to recover my Gmail address using the playground.

The scope

Answer 1

As of 2017: use the email scope. See Authorizing API requests.

This email scope is equivalent to and replaces the https://www.googleapis.com/auth/userinfo.email scope.

Answer 2

To retrieve the email address, you need to include the scope: "https://www.googleapis.com/auth/userinfo.email" as mentioned in this document. If this scope is included while you generate the refresh token, you should be able to get the email address of the authenticating user by making the following request:

you can call this with your own access token then will give the response

https://www.googleapis.com/oauth2/v3/userinfo?access_token="YOUR_ACCESS_TOKEN"

response will look like this

{
  "sub": "1057abc98136861333615xz",
  "name": "My Name",
  "given_name": "My",
  "family_name": "Name",
  "picture": "https://lh3.googleusercontent.com/a-/AOh14qiJarwP9rRw7IzxO40anYi4pTTAU_xseuRPFeeYFg",
  "email": "MyName@gmail.com",
  "email_verified": true,
  "locale": "en"
}

or simply you can just write a function

import requests
def get_user_email(access_token):
    r = requests.get(
            'https://www.googleapis.com/oauth2/v3/userinfo',
            params={'access_token': access_token})
    return r.json()

Answer 3

Please see my answer here to the identical issue: how to get email after using google OAuth2 in C#?

• In your scopes variable. Use the value "email" not the full https address. Scope keywords in the web link are separated by spaces. I solve your issue with scopes written as: profile email openid.

Answer 4

I came here looking why my server did not get email in response to /oauth2/v2/userinfo api call. It was only once that I saw this & it has been working well in past.

The answer gave good lead. While fixing this, there were several other resources that helped. Still I am not sure whether expecting always email in the response is ok. so - put error handling in code in case emails are not returned.

1. Google api documentation about migrating to google+ signin.
2. https://www.googleapis.com/auth/userinfo.email scope
3. People resource documentation
4. Add google+ api to the project using google developer console. The complimentary (quota) of calls is quite high (20m for google+ signin api per day).
5. Add error handling & logging in server code in case api returns no emails. In my case, I was looking only type='account' email.

Answer 5

Change the authorizationRequest with given scope: scope=openid%20email%20profile and use userinfoapi. This link worked for me

Answer 6

Update: December 2018

On December 20th, Google announced that the Google+ API would be turned down in March 2019, with intermittent failure starting at the end of January 2019. As part of the the plus.people.get endpoint is deprecated and scheduled to be terminated.

The userinfo endpoint is de-deprecated (see clarification) and should provide the info assuming

1. You request the https://developers.google.com/identity/sign-in/web/devconsole-project scope and
2. You request the email field.

Clarification: 24 Jan 2019

Google documented that the userinfo (v2) endpoint was deprecated, but later changed it to "deprecated, but kept available for backwards compatibility".

Current documentation discusses getting profile and email information through the currently supported openid method. This includes using the "userinfo" endpoint specified in their discovery document, as required by OpenID Connect.

At the moment, that URL is https://openidconnect.googleapis.com/v1/userinfo, but this has changed in the past and the discovery document at https://accounts.google.com/.well-known/openid-configuration is the authoritative source for the URL to use.

So, to be clear:

• The old userinfo URL is maintained for backwards compatibility
• The new userinfo URL is available at the discovery document

Regardless, the plus version of anything (described below) is deprecated and scheduled to be removed.

Original Answer

There are a lot of issues here in what you're doing and how you're trying to do it.

For starters, the https://www.googleapis.com/oauth2/v2/userinfo endpoint is deprecated, and scheduled to be removed in September 2014. It has begun working inconsistently - so don't use it.

As @abraham noted, you'll use the people.get endpoint at https://www.googleapis.com/plus/v1/people/me. This should give you the emails field containing an array of addresses. In your case, there will likely be only one that has a type of "account".