Fixing Laravel Socialite’s Google Permissions

Laravel Socialite is a pretty slick PHP library that makes it dead-simple to integrate social login into your Laravel project. Unfortunately, its default permissions request for Google sign-ins is pretty promiscuous. Getting this fixed takes only a little bit of digging but since Google came up dry for me I thought I’d pitch in my solution.

Using Socialite’s out-of-the-box implementation, your users will be presented with this screen when authenticating through your app:

Yikes, it’s so scary they made the text orange. I don’t want some random webapp knowing all of my friends and posting on my behalf. This is no fault of Socialite’s however, they’re using Google’s recommended login scope. Getting around this is simple enough. If we take a look at Socialite’s Google Provider we can see the scopes being used by default:

Check out the $scopes definition on line 20

‘plus.login’ is our culprit. We want to rip him out of there. When using Socialite’s redirect() method we can include an array of scopes and override the defaults:

Now when our users auth with Google they get a much less scary list of permissions:

Easy peezy — happy coding.