20
votes

A number of our users authenticate through the Google OAuth API (https://developers.google.com/+/web/api/rest/oauth)

What is the future of the Google's version OAuth API beyond the April 2019?

OAuth aside, we use the following endpoint to obtain the user's email and name: https://www.googleapis.com/plus/v1/people/me once we obtain the access token. Is this endpoint becoming obsolete?

3

3 Answers

19
votes

Update 12/21/18

Google+ Shutdown Notice

[End Update]

OAuth 2.0 is a service provided by Google Accounts. The end of life for Google+ will not affect OAuth 2.0.

OAuth 2.0 is the foundation authentication service for Google Cloud Platform, G Suite and many other services. OAuth 2.0 is token based, and these tokens can be used on a variety of services, both Google based and third party.

A further question was asked below in the comment section about endpoints.

The Google+ endpoint for user information: googleapis.com/plus/v1/people/me will probably continue to exist for years (awaiting official announcement from Google).

I would start using the Google OAuth 2.0 endpoint (notice the alt=json): https://www.googleapis.com/oauth2/v3/userinfo?alt=json

Which returns Json that looks like this:

{
  "id": "123456789012345678901",
  "email": "[email protected]",
  "verified_email": true,
  "name": "User Name",
  "given_name": "User",
  "family_name": "Name",
  "link": "https://plus.google.com/123456789012345678901",
  "picture": "https://lh3.googleusercontent.com/.../mo/photo.jpg",
  "locale": "en",
  "hd": "example.com"
}

The current list of Google OAuth 2.0 endpoints:

https://accounts.google.com/.well-known/openid-configuration

3
votes

What is the future of OAuth API beyond the April 2019?

Oauth is not an api it is a protocol for authentication. In this instance the authentication response is used to access googles APIs. Googles use of Oauth2 for authentication is not going any where there has been no announcement that it is being discontinued in any way. Nor do i think they would as to my knowledge it is current industry standard for authenticating to APIs

OAuth aside, we use the following endpoint to obtain the user's email and name: https://www.googleapis.com/plus/v1/people/me once we obtain the access token. Is this endpoint

The Google people api may contain the term plus in the url but it does not really have anything to do with Google plus (other than really bad naming).

[Documentation] The People api lets you list and manage the authenticated user's Contacts and retrieve profile information for authenticated users and their contacts.

Which actually has nothing to do with Google plus other than the fact that some of the users profile information may have originally been contained within Google plus which has now been moved i suspect (but i have no proof of that). I did send off an email to google asking for some clarification as to exactly which endpoints are shutting down.

Shutdown

So what is going to happen with the shutdown

What will happen to people overview will be a really good question. They may be renamed however i suspect they may just be left alone to access the google contacts as they do currently. (again i have no proff of this)

Get current user info

If you want to get the information about the current user then an idea would be to use the userinfo endpoint. As long as you requested the profile scope you can request the current users info from the identity server directly

Request:

GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer qMgWQHD0MstTDVip7hIYipUpSQkxexF4-W0bI3geEaYk0ztVryYZyFRrZDFWkn69Hw3RlBjfOuXJ8df_iv5ATgW3y0BUkI0xMXeGq22qmfqG-4duSU

Response:

{
  "picture": "https://lh5.googleusercontent.com/-a1CWlFnA5xE/AAAAAAAAAAI/AAAAAAAAl1I/UcwPajZOuN4/photo.jpg", 
  "name": "Linda Lawton", 
  "family_name": "Lawton", 
  "locale": "en", 
  "gender": "female", 
  "link": "https://plus.google.com/+LindaLawton", 
  "given_name": "Linda", 
  "id": "117200475532672775346"
}

I suspect that some of this is going to change. Link for example is not going to be able to link to google plus anymore. I think i will send off an email to google to see what they intend to do about that.

Email will only appear in the response if you have also requested email scope when authenticating the user.

update

blog post on api shutdown just went out and gives information on what APIs are being shut down and when.

The most commonly used APIs that are being shut down include:

  • Google+ REST API

  • Google+ Web API

  • Google+ Android SDK

  • Google+ Domains API

  • Google+ Pages API

This still doesn't clear up the issue with the people API being Google contacts yet part of the Google+ rest API

https://developers.googleblog.com/2018/12/google-apis-shutting-down-march-7-2019.html?m=1

0
votes

In order to disable this Google + API from your apps, you need to go to https://console.developers.google.com

... and navigate to each project you are using Google+ Api and click DISABLE

This will remove any requests from Google + API.