
Is the Google Strategy in Passport.js deprecated with the end of Google+

I use Passport.js and passport-google-oauth20 in my Node.js application for authenticating with a "Google Strategy". I just received an email from Google indicating that I use "plus.people.get" from the Google+ API and that it will be deprecated. Should I change something? I do not use this API call directly, but maybe Passport does?

jtag asked Dec 21 '18 15:12



1 Answer

Yes, the Google OAuth strategy for Passport currently uses the Google+ API endpoints for retrieving the user's profile information.

If you disable the Google+ API integration from Google console on https://console.developers.google.com/apis/dashboard then the sign-in with Google will not work for your application. The error received back from Google contains this message:

GooglePlusAPIError: Access Not Configured. Google+ API has not been used in project xxxxxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=xxxxxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.

In order for your application to work properly with the Google+ API disabled, you have to use this strategy option:

```javascript
userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo'
```

like in this example:

```javascript
var passport = require('passport');
var GoogleStrategy = require('passport-google-oauth20').Strategy;

passport.use(new GoogleStrategy({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://www.example.com/auth/google/callback",
    // Fetch the profile from the userinfo endpoint instead of the Google+ API.
    userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo'
  },
  function(accessToken, refreshToken, profile, cb) {
    // Look up or create the user for this profile here, then call cb(err, user).
  }
));
```
Vassilis Barzokas answered Oct 28 '22 03:10
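An added example, not part of the original answer or of passport-google-oauth20: a verify callback for the strategy above that keys accounts on the `sub` claim of the userinfo response and stores the email only when `email_verified` is true. `users`, `claimsToAccount`, `verify` and the sample profile are hypothetical names and constructed data, and the code assumes the raw userinfo body is available as `profile._json`.

```javascript
// In-memory stand-in for a real user store (assumption for this example).
const users = new Map();

// Map the raw userinfo claims to the fields the application stores.
function claimsToAccount(claims) {
  if (!claims || typeof claims.sub !== 'string' || claims.sub === '') {
    throw new Error('userinfo response has no "sub" claim');
  }
  // Accept the email only when it is explicitly marked verified (strict boolean).
  const verified = claims.email_verified === true;
  const email = verified && typeof claims.email === 'string'
    ? claims.email.toLowerCase()
    : null;
  return {
    key: 'google:' + claims.sub, // stable account key; never key on the email
    displayName: typeof claims.name === 'string' ? claims.name : '',
    email: email,
  };
}

// Same signature as the function passed to `new GoogleStrategy(...)`.
function verify(accessToken, refreshToken, profile, cb) {
  let account;
  try {
    account = claimsToAccount(profile && profile._json);
  } catch (err) {
    return cb(err); // reject the login instead of creating a keyless account
  }
  // Merge into any existing record so repeat logins update the same user.
  const user = Object.assign({}, users.get(account.key), account);
  users.set(account.key, user);
  return cb(null, user);
}

// Constructed sample of a userinfo response body (not captured from Google).
const sampleProfile = {
  _json: {
    sub: '110000000000000000001',
    name: 'Example User',
    email: 'User@Example.com',
    email_verified: true,
  },
};
```

Pass `verify` as the second argument to `new GoogleStrategy(...)` and replace the `Map` with the application's own user store.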