We’ve got Lock set up to allow users to create an account and sign in through Google. When the user does this, this screen comes up (email address redacted):
Two problems here:
- Most alarming is the Gmail permissions. This is going to be scary for a new user. I have no idea why it’s there to begin with; we do nothing like this with the user’s email and I don’t even know how we would if we wanted to. Any way to scale this message way back?
- Can we change the mentions of “auth0.com” to our company name? I found this thread, but has anything changed in the last two years?
Thanks! Hopefully fixing #2 would curb users’ concerns a little bit. I’ll put in a ticket with Google about #1; I can’t believe there’s nothing we can do about that when I don’t know what we’re doing to make that show up to begin with.
Let me ask the appropriate team!
@tlhinman are you Folks using developer keys for that social connection?
You should use your own keys and a custom domain in order to get rid of the auth0.com part.
Google uses the TLD+1 of the redirect URI received in the request so if using a custom domain that would be your domain.
Thanks! I think we can make custom domains work; currently working on it in our dev environment.
As for the scary Gmail warnings, this was helpful: Add Scopes/Permissions to Call Identity Provider APIs
I have no idea how that Gmail box got checked to begin with, but it’s off now. It was never on for our production tenant, so it was likely never a problem there.
1 Like
Gotchya! Thanks a lot for sharing it with the rest of community!
