A number of our users authenticate through the Google OAuth API (https://developers.google.com/+/web/api/rest/oauth)
What is the future of Google's version of the OAuth API beyond April 2019?
OAuth aside, we use the following endpoint to obtain the user's email and name: https://www.googleapis.com/plus/v1/people/me once we obtain the access token. Is this endpoint becoming obsolete?
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days. There is currently a limit of 100 refresh tokens per Google Account per OAuth 2.0 client ID.
For your question: If you are building just a basic API, with simple GET and POST requests, then you might want to ask yourself if the data that you are displaying or manipulating requires "security". If not then most likely, you don't need to implement OAuth.
Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to user data. You can also use Google Sign-in to provide a "sign-in with Google" authentication method for your app.
OAuth 2.0 is much more usable, but much more difficult to build securely. Much more flexible. OAuth 1.0 only handled web workflows, but OAuth 2.0 considers non-web clients as well.
Update 12/21/18
Google+ Shutdown Notice
[End Update]
OAuth 2.0 is a service provided by Google Accounts. The end of life for Google+ will not affect OAuth 2.0.
OAuth 2.0 is the foundation authentication service for Google Cloud Platform, G Suite and many other services. OAuth 2.0 is token based, and these tokens can be used on a variety of services, both Google based and third party.
A further question was asked below in the comment section about endpoints.
The Google+ endpoint for user information: googleapis.com/plus/v1/people/me will probably continue to exist for years (awaiting official announcement from Google).
I would start using the Google OAuth 2.0 endpoint (notice the alt=json): https://www.googleapis.com/oauth2/v3/userinfo?alt=json
Which returns JSON that looks like this:
{
  "id": "123456789012345678901",
  "email": "[email protected]",
  "verified_email": true,
  "name": "User Name",
  "given_name": "User",
  "family_name": "Name",
  "link": "https://plus.google.com/123456789012345678901",
  "picture": "https://lh3.googleusercontent.com/.../mo/photo.jpg",
  "locale": "en",
  "hd": "example.com"
}
The current list of Google OAuth 2.0 endpoints:
https://accounts.google.com/.well-known/openid-configuration
What is the future of OAuth API beyond the April 2019?
OAuth is not an API; it is a protocol for authentication. In this instance the authentication response is used to access Google's APIs. Google's use of OAuth2 for authentication is not going anywhere; there has been no announcement that it is being discontinued in any way. Nor do I think they would, as to my knowledge it is the current industry standard for authenticating to APIs.
OAuth aside, we use the following endpoint to obtain the user's email and name: https://www.googleapis.com/plus/v1/people/me once we obtain the access token. Is this endpoint
The Google People API may contain the term plus in the URL, but it does not really have anything to do with Google Plus (other than really bad naming).
[Documentation] The People API lets you list and manage the authenticated user's Contacts and retrieve profile information for authenticated users and their contacts.
Which actually has nothing to do with Google Plus, other than the fact that some of the user's profile information may have originally been contained within Google Plus, which has now been moved, I suspect (but I have no proof of that). I did send off an email to Google asking for some clarification as to exactly which endpoints are shutting down.
Shutdown
So what is going to happen with the shutdown?
What will happen to people overview will be a really good question. They may be renamed; however, I suspect they may just be left alone to access the Google contacts as they do currently (again, I have no proof of this).
Get current user info
If you want to get the information about the current user, then an idea would be to use the userinfo endpoint. As long as you requested the profile scope, you can request the current user's info from the identity server directly.
Request:
GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer qMgWQHD0MstTDVip7hIYipUpSQkxexF4-W0bI3geEaYk0ztVryYZyFRrZDFWkn69Hw3RlBjfOuXJ8df_iv5ATgW3y0BUkI0xMXeGq22qmfqG-4duSU
Response:
{
  "picture": "https://lh5.googleusercontent.com/-a1CWlFnA5xE/AAAAAAAAAAI/AAAAAAAAl1I/UcwPajZOuN4/photo.jpg",
  "name": "Linda Lawton",
  "family_name": "Lawton",
  "locale": "en",
  "gender": "female",
  "link": "https://plus.google.com/+LindaLawton",
  "given_name": "Linda",
  "id": "117200475532672775346"
}
I suspect that some of this is going to change. Link, for example, is not going to be able to link to Google Plus anymore. I think I will send off an email to Google to see what they intend to do about that.
Email will only appear in the response if you have also requested email scope when authenticating the user.
Update
A blog post on the API shutdown just went out and gives information on what APIs are being shut down and when.
The most commonly used APIs that are being shut down include:
Google+ REST API
Google+ Web API
Google+ Android SDK
Google+ Domains API
Google+ Pages API
This still doesn't clear up the issue with the People API being Google contacts yet part of the Google+ REST API.
https://developers.googleblog.com/2018/12/google-apis-shutting-down-march-7-2019.html?m=1
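Added example, not code from either answer or from Google: a client that takes the userinfo URL from the discovery document mentioned in the first answer and handles the case noted in the second, where `email` is missing because the email scope was not granted. Assumptions: `sub` and `email_verified` are the standard OpenID Connect claim names (the page only shows `id` and `verified_email`), the `.googleapis.com` host check is an illustrative policy, and all sample documents are constructed.

```python
import json
import urllib.request
from urllib.parse import urlsplit

TRUSTED_SUFFIX = ".googleapis.com"  # assumption: the API host we expect to call

# Constructed samples modelled on the response shapes shown above.
SAMPLE_DISCOVERY = {"userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo"}
PROFILE_ONLY = {"id": "123456789012345678901", "name": "User Name"}
WITH_EMAIL = {"sub": "123456789012345678901", "name": "User Name",
              "email": "user@example.com", "email_verified": True}
UNVERIFIED = {"id": "123456789012345678901", "email": "user@example.com",
              "verified_email": False}

def userinfo_endpoint(discovery):
    """Return the userinfo URL, refusing non-HTTPS or off-domain values."""
    url = discovery.get("userinfo_endpoint", "")
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https" or not host.endswith(TRUSTED_SUFFIX):
        raise ValueError(f"untrusted userinfo endpoint: {url!r}")
    return url

def fetch_userinfo(access_token, endpoint):
    """GET the userinfo document; the token travels only in the header."""
    req = urllib.request.Request(
        endpoint, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def identity_from_userinfo(payload):
    """Map either response shape to a record keyed on the stable subject id."""
    subject = payload.get("sub") or payload.get("id")
    if not subject:
        raise ValueError("userinfo response has no subject identifier")
    email = payload.get("email")  # absent unless the email scope was granted
    verified = payload.get("email_verified", payload.get("verified_email", False))
    return {
        "subject": str(subject),  # key accounts on this, not on the email
        "name": payload.get("name"),
        "email": email if email and verified is True else None,
        "email_scope_granted": email is not None,
    }
```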