How does the new google+ sign-in apis fit into making authenticated calls to Cloud Endpoints. To use OAuth with endpoints the app must request permission for the 'https://www.googleapis.com/auth/userinfo.email' scope at a minimum. Will using the Google+ sign-in button grant this scope? Or am I going to have to ask my users for yet another permission??

The Google+ sign-in button has a "scopes" attribute that you can list additional scopes that you would like to request. You can list the userinfo.email scope there as well as any Cloud specific ones.

If you need to retrieve a user's email address, you can add the userinfo.email scope within that attribute and then use the appropriate REST end point to retrieve the address.

Additionally, to retrieve email addresses in mobile apps, see:

• Android
• iOS.

The userinfo.email scope is in addition to the plus.login scope. In fact, plus.login explicitly doesn't give access to the user's email address.

Although you'll be asking for "another permission", this is all done at the same time in a single OAuth screen, so all the permissions will be listed at once. The user isn't presented with screen after screen of permissions, the request for their email will be listed along with the requests for the plus.login scope information.