Platform (Android, iOS, Website):
Website
Browser, if a website issue (Firefox, Chrome, etc) :
Chrome, although I don’t think its browser related
Description is pretty clear - INat asks for Google photos permission every time I log in. That, of course, results with google Security Alert email message.
I can’t recreate this issue, have you tried clearing your browser’s cache?
Yes, I don’t think it has anything to do with my browser, but my account. It’s happening since I’ve registered here.
Here is another user with same issue:
https://forum.inaturalist.org/t/when-using-google-auth-each-login-requires-repeat-consent/7552
I get the exact same issue: if I close my browser I have to log in again with my Google Account, and if I do that I have to reauthorise iNat to have access to Google Photos. Which of course triggers the Security Alert email.
Ohh, I didn’t realize you log in with your Google account. That is an important tidbit of information it would have been nice to know earlier.
I have this issue as well. Hadn’t found a way to word it as nicely.
It’s kind of annoying to have to reauthorize every time I log in. I suspect this is a Google issue, not an iNat issue, though.
But why would INat need permissions for my google photos at first place? At the end, you upload photos manually, not from google photos…
I have this problem as well. Anyone found a solution? I also get a security warning from Google every time I log in.
No solution yet. If possible, I’d recommend creating a password and logging in using your username/email address and password rather than rely on a third party like Google. Relying a third party means that if it goes down (like Facebook did last week) it can prevent you from logging in, plus there are permissions issues. I personally use a third party password manager for my passwords, but you can also save them in your browser and in iOS and Android.
Is that something that can be done after we’ve created an account though?
I created my account using Google because I thought it would work like all other websites (e.g. authorise once) but now it’s constantly asking me to, as others have described in this thread.
Can I change my existing iNaturalist UK account to using an email/password combo rather than a Google login prompt? That would solve the issue for most people, I think.
I was having this issue and only just thought to look in the forum for advice. I believe I initially created my account via Google. Every time I started up my browser I had to login and give permissions again (“iNaturalist wants to access your Google account / This will allow iNaturalist to: View your Google Photos library)”, triggering security notifications on my phone and via email.
I went to the Account Settings page and saw my Email listed there (it’s the same one I use with my Google account, I don’t usually use that particular address to sign up for anything) along with a Change Password form. So, I set a password, logged out and tried logging in with Email and Password instead of using Google which worked. I closed my browser and re-opened it and was still logged in. So, I think it is possible!
I’m assuming that when I created my account, it set up an ordinary Email account (getting my email address from Google). Either that or I just forgot that I set one up which is very possible.
We ask for permission to access photos for those who want to import photos to iNat from Google Photos. There isn’t anything we can do about how often or when Google notifies you, that’s on the Google side of things. So this isn’t a bug.
Since it’s no longer possible to get coordinates when importing photos from Google Photos, I’d be for using Google log-in being just for logging in, not for photo import. That should prevent or minimize these emails from Google with very little downside, IMO. But we’d need to think about it.
Same issue here. I log in to the website with my Google account. On every login, I am asked to grant permission. And I get a security warning from Google by email. This is not normal. Website do not typically exhibit that behavior. However I maybe can’t think of another website (rather than an app) which asks for device permission…
PS I wonder if it might be something like you don’t keep oauth refresh_token when the user allows permission. If you only keep the access_token, that could explain things