I use Passport.js and passport-google-oauth20 in my Node.js application for authenticating with a "Google Strategy". I just received an email from Google indicating that I use "plus.people.get" from the Google+ API and that it will be deprecated. Should I change something? I do not use this API call directly, but maybe Passport does?
Passport is a popular, modular authentication middleware for Node.js applications. With it, authentication can be easily integrated into any Node- and Express-based app. The Passport library provides more than 500 authentication mechanisms, including OAuth, JWT, and simple username and password based authentication.
Passport.js out of the box is only as safe as your implementation of it when protecting routes from unauthorized access. For example, if you forget to apply the middleware to certain routes, they will not be protected; if you make a mistake in configuring the authentication strategy, you may open up your application to an attack.
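The forgotten-middleware failure described above can be closed off by denying access by default instead of protecting routes one at a time. The following is an added example, not code from the original page or from Passport; `PUBLIC_ROUTES`, `routeKey`, `requireLogin` and `simulate` are hypothetical names, and it assumes an Express app using Passport sessions with Express's default routing rules.

```javascript
// Added example; PUBLIC_ROUTES, routeKey, requireLogin and simulate are hypothetical names.

// The only method+path pairs reachable without a login session.
const PUBLIC_ROUTES = new Set([
  'GET /',
  'GET /auth/google',
  'GET /auth/google/callback',
]);

// Normalize the way Express's default router matches (case-insensitive,
// trailing slash ignored) so the allowlist and the router agree.
function routeKey(req) {
  const path = (req.path || '/').replace(/\/+$/, '') || '/';
  return `${req.method.toUpperCase()} ${path.toLowerCase()}`;
}

// Mount once, before any router: every route added later is protected
// unless it is explicitly listed in PUBLIC_ROUTES.
function requireLogin(req, res, next) {
  if (PUBLIC_ROUTES.has(routeKey(req))) return next();
  // req.isAuthenticated() is added to the request by Passport.
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  // Fail closed: 401 for API clients, redirect to sign-in for browsers.
  if ((req.headers.accept || '').includes('application/json')) {
    res.statusCode = 401;
    return res.end(JSON.stringify({ error: 'authentication required' }));
  }
  res.statusCode = 302;
  res.setHeader('Location', '/auth/google');
  return res.end();
}

// Constructed request/response stubs to exercise the guard without a server.
function simulate(method, path, loggedIn, accept) {
  const out = { reachedHandler: false, status: null, location: null };
  const req = { method, path, headers: { accept }, isAuthenticated: () => loggedIn };
  const res = {
    setHeader: (name, value) => { if (name === 'Location') out.location = value; },
    end: () => { out.status = res.statusCode; },
  };
  requireLogin(req, res, () => { out.reachedHandler = true; });
  return out;
}

console.log(simulate('GET', '/admin/users', false, 'text/html'));
console.log(simulate('GET', '/admin/users', true, 'text/html'));
```

In a real app the guard is mounted with `app.use(requireLogin)` after `passport.initialize()` and `passport.session()` and before any router.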
Passport strategy for Google OAuth 2.0. This module lets you authenticate using Google in your Node.js applications. By plugging into Passport, Google authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Yes, the Google OAuth strategy for Passport currently uses the Google+ API endpoints for retrieving the user's profile information.
If you disable the Google+ API integration in the Google console at https://console.developers.google.com/apis/dashboard then the sign-in with Google will not work for your application. The error received back from Google contains this message:
GooglePlusAPIError: Access Not Configured. Google+ API has not been used in project xxxxxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=xxxxxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
In order for your application to work properly with the Google+ API disabled, you have to use this strategy option:
userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo'
like in this example:
var passport = require('passport');
var GoogleStrategy = require('passport-google-oauth20').Strategy;

passport.use(new GoogleStrategy({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://www.example.com/auth/google/callback",
    // Fetch the profile from the OAuth 2.0 userinfo endpoint instead of the Google+ API
    userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo'
  },
  function(accessToken, refreshToken, profile, cb) {
    // ...
  }
));