Comment by intrasight

I use OAuth2 all the time. And I don't understand the conflation of email and OAuth2 being discussed in that article. With Google's OAuth2, I can get the user's email - but so what? I have no need for it and I never use it.

"Because these non-Gmail Google accounts aren’t actually a member of the Google organization, they won’t show up in any administrator settings, or user Google lists."

I don't understand that statement either. They do show up. Now of course the org could choose to not do anything to manage the access of those users - which is common enough. I made a tool used by some of my larger clients to a) get reports of users and their permissions (available via Google's APIs) and b) batch delete those user permissions.