Jump to content

Feature request: Control Authorized Developer Authorizations per App

rotznas

By rotznas
in Website

Followers 3

Recommended Posts

rotznas

+rotznas

Posted
Posted

Hi, 

I like the possibility to not share my personal information with Authorized Developer geocaching applications since it exists. But unfortunately there is only an on / off checkbox. 

I'd like to be able to allow e.g. Locus Map and GSAK to access the API and to decline it for all others? 

Please add this as feature per App. Thanks. 

 

Is there any official way to ask for this feature or is here the right place for that?

 

Thanks Wolle

  • Upvote 2
  • Funny 2
Link to comment
Max and 99

+Max and 99

Posted
Posted
1 hour ago, rotznas said:

Hi, 

I like the possibility to not share my personal information with Authorized Developer geocaching applications since it exists. But unfortunately there is only an on / off checkbox. 

I'd like to be able to allow e.g. Locus Map and GSAK to access the API and to decline it for all others? 

Please add this as feature per App. Thanks. 

 

Is there any official way to ask for this feature or is here the right place for that?

 

Thanks Wolle

Something like this?

 

Screenshot_20231227-124602.thumb.png.8357673a7af32dc1fb66374e90990dfd.png

  • Upvote 1
Link to comment
MartyBartfast

+MartyBartfast

Posted
Posted (edited)
1 hour ago, arisoft said:

I think that this feature is already in use. At least I have to activate this for every App separately. You may not have noticed this because you do not use any app?

That authorization is for you to interact with GC.com via that app, e.g. for you to look up caches and log them etc.

But, even if you have not authorized Cachly, Locus, Project-GC,etc.  individually, I can see your username and activity in those apps which I am authorized for; the only way to prevent me seeing your activity in the various apps is for you to deny all third party apps using the tickbox you posted above, and then your logs appear as "anonymous user" or something similar. I think they OP wants to be able to selectively choose which apps can access his details.

Edited by MartyBartfast
Link to comment
MartyBartfast

+MartyBartfast

Posted
Posted (edited)
29 minutes ago, arisoft said:

GSAK and Locus. Neither of them can access anything without user's permission.

Yes they can. They both show logs from all users UNLESS they have specifically chosen to opt out. My wife's account is basic and therefore has no API access and so she has never authorized any API app at all, but her logs show in my GSAK database and on my Locus app when looking at who has logged caches.

If you think about your statement, if you were correct  then that would mean that NO basic members logs or caches would be available in any of the apps as basic members CANNOT authorize API apps.

If a user has ticked the opt-out option then both their logs and their caches show up as "Opted-out user" in Locus and GSAK, and I assume all other API apps.

Perhaps I shouldn't have used the word "details", "activity" would have been more appropriate.
 

Edited by MartyBartfast
  • Upvote 2
Link to comment
arisoft

+arisoft

Posted
Posted
10 minutes ago, MartyBartfast said:

Yes they can. They both show logs from all users UNLESS they have specifically chosen to opt out. My wife's account is basic and therefore has no API access and so she has never authorized any API app at all, but her logs show in my GSAK database and on my Locus app when looking at who has logged caches.

 

Now we are on the same page.

 

Can you explain what are the benefits for allowing only GSAK and Locus users (all of them) to see OP's public finds? I think that only seeing OP's private information needs a such control.

  • Upvote 1
Link to comment
barefootjeff

+barefootjeff

Posted
Posted
9 hours ago, rotznas said:

I like the possibility to not share my personal information with Authorized Developer geocaching applications since it exists

 

I really wish they'd use different terminology here. To me, "personal information" is stuff like my real name, email address, physical address, phone number, date of birth, etc. but none of that is shared with Authorized Developer partners or even known by HQ. There's nothing in a geocaching profile that links to a real person unless that person decides to make themselves known.

  • Upvote 1
  • Helpful 1
Link to comment
A J Pombo

+A J Pombo

Posted
Posted
14 hours ago, rotznas said:

Hi, 

I like the possibility to not share my personal information with Authorized Developer geocaching applications since it exists. But unfortunately there is only an on / off checkbox. 

I'd like to be able to allow e.g. Locus Map and GSAK to access the API and to decline it for all others? 

Please add this as feature per App. Thanks. 

 

Is there any official way to ask for this feature or is here the right place for that?

 

Thanks Wolle

Yes, we need someting like this (chose what Authorized Developer can download my logs):

Untitled.jpg

  • Funny 2
Link to comment
Torttu99

+Torttu99

Posted
Posted

I opened a new topic for this same issue, but looks like this is the right place to continue. Is the following setting even possible:

 

- I want to allow project-gc to access my personal data (just to use challenge checkers)

- I want to deny another authorized application (geocache.fi) access for _all_ of my personal information

- if I revoke access for geocache.fi, but do not tick on that "Do not share my personal information..." checkbox, geocache.fi still has access to my data (for example find count etc)

- and if I tick that checkbox on, geocache.fi doesn't have access to my data anymore but then the project-gc will also lose access to my data ("User has opted out from sharing public profile information with Authorized Developers")

 

So why it is not possible to deny _all_ access for some 3rd party sites and allow access to some other? And about that last question, wouldn't that be fair for user to have full control how his/hers data is used on 3rd party applications?  Why this should be so that if you give access to application A, you automatically give access to apps B,C,D also? Especially if I don't use those applications B,C and D at all. So my answer for the question "What is that going to give you?" is that I just do not want my username to be seen on certain application. Is that enough for answer? 

 

 

  • Upvote 1
Link to comment
arisoft

+arisoft

Posted
Posted
11 minutes ago, Torttu99 said:

I just do not want my username to be seen on certain application.

 

This is the result, what happens if you have this control, but why you need a such control? There may be a legitimate reason, but it is not disclosed in this thread yet.

  • Surprised 1
Link to comment
arisoft

+arisoft

Posted
Posted (edited)
52 minutes ago, Torttu99 said:

Why this should be so that if you give access to application A, you automatically give access to apps B,C,D also?

 

In the long run I should change my Mobile App from an authorized app to the unauthorized app because it does not make sense that authorized apps do not work properly and the official app is made for entry level users. Currently there are only few anonymous players in the game but with this control the whole idea of authorized developers could be rendered useless.

Edited by arisoft
Link to comment
MartyBartfast

+MartyBartfast

Posted
Posted
7 hours ago, Torttu99 said:

So why it is not possible to deny _all_ access for some 3rd party sites and allow access to some other?

I suspect it's because the law in some countries/states requires that sites provide the ability for users of those sites to deny their data being shared with 3rd parties. These laws do NOT require that you're provided with the ability to selectively share with some 3rd parties but not others.

Groundspeak have provided what they need to in order to comply with the law, it would probably be significantly more effort to allow the selectivity you've requested and it's not worth that effort for what is almost certainly a very small number of cachers who might want it.

BTW the App Authorizations that you can grant or revoke are authorizations for you when YOU are using that app, e.g. to download caches using your account etc. Sites which are doing bulk handling of data such as Project-GC and I suspect geocache.fi aren't using your app authorization to get that data they're using their own, hence they can get data on users who have never authorized that app.

  • Upvote 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 3
Go to topic listing
×
×
  • Create New...