[nenadg]

We take name and email and userid, in a really non-malicious attempt to create your future profile. You will be able to opt-out according to GDPR, soon.

[ovao]

That doesn’t quite answer his question. Why is the age range mandatory to create an account via Google? The basic permissions — notably the ID for each user Google will hand back to you — should be sufficient for that purpose.

[nenadg]

It is more convenient for us to use Google and Facebook login mechanisms than to create one from the scratch.

We use two methods provided by Passportjs (plus.login and userinfo.email).

I guess one of these asks for age range. You can check their documentation for more details at http://www.passportjs.org/docs/google/.

And for the transparency sake, these are the parts of code on our side.

router.get('/callback', passportGoogle.authenticate('google', { failureRedirect: '/' }), (req, res, next) => { let user = req.user.doc; let userId = user.userid;

    ///
    res.cookie('token', userId, { ...

and this is what is saved to Mongo DB:

var UserSchema = new mongoose.Schema({ name: String, userid: String, email: String, sourcePlatform: String, updated_at: { type: Date, default: Date.now }, });

Hope that helps ;)

[ovao]

Thanks for the response! Transparency is always appreciated.

It looks like the age range is a component of the plus.login scope. You’re not storing any data associated with that scope, so you can instead use the userinfo.email scope (and, possibly, the userinfo.profile scope) to ask for only the information you need.

[rhizome]

Is filling out whatever is in the profile really a source of friction?