
What exactly will happen to Google OpenID Connect to OpenID 2.0 mapping on Jan 1, 2017?

According to The Google OpenID 2.0 migration timetable, "mapping of OpenID 2.0 identifiers to OAuth 2.0 identifiers will continue to work until January 1, 2017."

It is not 100% clear from the documentation what form this transition will take. Will requesting scope: "openid" or openid.realm: "something" begin to return an error? Or will the old openid value simply not be present in the response? The Google OpenID Connect Documentation still uses the request values in its example OpenID Connect authentication URI.

Does anyone have a better understanding of how exactly this is going away? Our approach is to drop the openid scope and the openid.realm, but we're trying to get better certainty on the exact form of the change.

Brett asked Dec 22 '16 15:12




1 Answer

The openid scope relates to OpenID Connect, not OpenID 2.0 (it's confusing, I agree…). OpenID Connect is fully supported and not going away, so the openid scope is still completely supported.

Passing the openid.realm param after the mapping is turned down won't return an error, it's just that the old openid value may not be present in the response. So you should design your service to be able to gracefully handle the case where no OpenID 2.0 value is present in the response.

William Denniss answered Oct 04 '22 00:10
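
One way a relying party could handle the missing-value case the answer describes, shown as an added example that is not part of the original answer or Google's code. It assumes the ID token has already been verified and that the legacy OpenID 2.0 identifier, when present, arrives in a claim named `openid_id`; `AccountStore` and `resolve_account` are hypothetical names and all sample values are constructed.

```python
# Added example: account lookup that tolerates a missing legacy OpenID 2.0 value.
# Assumption: `claims` comes from an ID token whose signature, iss, aud and exp
# were already verified by the caller.
# Assumption: the legacy identifier is carried in a claim named "openid_id".

LEGACY_CLAIM = "openid_id"  # assumed claim name, adjust to what your responses contain


class AccountStore:
    """In-memory stand-in for a user table (constructed for this example)."""

    def __init__(self):
        self.by_sub = {}     # (iss, sub) -> account
        self.by_legacy = {}  # OpenID 2.0 identifier -> account

    def add_legacy(self, legacy_id, name):
        acct = {"name": name, "legacy_id": legacy_id, "oidc_key": None}
        self.by_legacy[legacy_id] = acct
        return acct


def resolve_account(store, claims):
    """Return (account_or_None, outcome) for a verified ID token's claims."""
    key = (claims["iss"], claims["sub"])

    # Preferred path: the stable OpenID Connect identifier.
    acct = store.by_sub.get(key)
    if acct is not None:
        return acct, "matched_sub"

    # Legacy path: only taken when the old value is actually in the response.
    legacy_id = claims.get(LEGACY_CLAIM)  # may be absent once mapping is turned down
    if legacy_id:
        acct = store.by_legacy.get(legacy_id)
        # Bind each legacy account to one (iss, sub) only; never rebind it.
        if acct is not None and acct["oidc_key"] is None:
            acct["oidc_key"] = key
            store.by_sub[key] = acct
            return acct, "migrated_from_legacy"

    # No legacy value and no known sub: do not error out and do not guess
    # (for example by matching on email); hand off to an explicit linking flow.
    return None, "needs_manual_link"
```

Accounts that sign in while the mapping still works get bound to `(iss, sub)`, so later logins succeed whether or not the legacy value is returned.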