What steps will reproduce the problem? 1. An user with no Google Glass devices arrives at your glassware enabled website 2. They follow the full OAuth2 process which includes the Glass scopes (timeline and/or lcoation) 3. The process finalizes successfully and the glassware developer has no idea if the user actually has access to any devices.

What is the expected output? What do you see instead?

Some kind of error message or an information package notifying the glassware developer about the actual number of devices attached to that Google account.

What version of the product are you using? On what operating system?

Latest version of the Mirror API (as of the date of this report).

Please provide any additional information below.

This behavior is unexpected and somehow problematic as those users might be consuming resources of the app, may expect some functionality our if it, but they can't get any services in return.

See the stackoverflow discussion for more background: http://stackoverflow.com/questions/17076368/why-a-google-user-without-the-glass-device-is-able-to-complete-the-oauth2-proces

Also see http://stackoverflow.com/questions/16947528/how-to-find-out-if-a-user-actually-has-glass/16948197#16948197 which had a similar question, and a proposed answer to do double opt-in as a way to mitigate the resource issue for now.

A workaround if I may: Your post oauth flow shouldn't immediately post a welcome card, this causes the issue as explained. Rather, it may be good DX to send user to a settings page where your verification logic can exist and then they enable additional settings specific to your glassware. A POST then fires of welcome card by "send to glass".

An example implementation with the CNN glassware could be adding second opt a "Send to Glass" submit on the http://cnn.currentnewsnotify.com page

Downsides? Too many steps..

All users have a timeline. By requesting those scopes, you're asking for access to that abstract data.

If that activates a Glass device, their timeline is synchronized to that device.

If there was a way to detect if a timeline card had been observed, per issue #61 - https://code.google.com/p/google-glass-api/issues/detail?id=61, would that satisfy your need?

I think it would go a long way, and would lead towards the best practice of the double-opt-in method (where the second opt-in would be simply viewing the card). I can see edge cases where the person might never see the card (Glass gets the card later, by which time it is buried in other cards they might not go through), so it breaks the "timely" guideline, and dealing with that well is extra work on the Glassware side, but I think it is a reasonable trade-off.