Google oAuth 2.0 new authorization and token endpoint

Question

I will update my code for Google oAuth2.0 web-views disallow warning. I found the authorization and token endpoints had changed in document.

I use the endpoint as follows since 2014.

1. "accounts.google.com/o/oauth2/auth"
2. "accounts.google.com/o/oauth2/token"

new endpoint as follows

1. "accounts.google.com/o/oauth2/v2/auth"
2. "www.googleapis.com/oauth2/v4/token"

I try my code for old and new endpoint. It works on all endpints. Can I still use old endpoints? or Have expired date for old endpoints?

Thanks!

Answer 1

In order to be fully compliant with the OpenIDConnect spec, We created the new endpoints because we didn't want to break existing developers. So the new endpoints are OpenIDConnect complaint (and tools find them through discovery doc). There are minor changes (I don't remember all of them at the moment) .. e.g. issuer in the id_token is https://accounts.google.com instead of accounts.google.com

Since many new open source tools in the future (which you may use) will be OpenIDConnect complaint, I suggest using the new ones. We don't have any plans to deprecate the old ones but will continue to monitor the usage and decide if it is worth deprecating if all the traffic shifts to new ones.