I am using hybridauth for "login with" (google+, twitter, github, windows live).
I only need the authentification. I don't need any extra permissions.
However, the dialog in all those networks asks the user to grant all kind of scary permissions to my app.
How can I strip the required permissions down to the bare minimum ("identity" or "authentification").
Is that with a setting in hybridauth or in my app entries in the respective developer interface (at google+, twitter, github, windows live, respectively)? I cannot find the settings anywhere.
What you are looking for are the SCOPE parameters for each service. As these seem to change from time to time I won't list them directly here, however if you search:
[service] oauth scope list
you should find a relevant list for the given service.
To specify the scope with Hybridauth (v2.5.1), add the following to the relevant service in the config.php:
"scope" => "list_of_scope_ids_separated_by_space"
For example, to request email and basic info only from Google add the following to the "Google" configuration:
"scope"=>"https://www.googleapis.com/auth/userinfo.email"
More information on the Hybridauth config.php file can be found here: http://hybridauth.sourceforge.net/userguide/Configuration.html