Reminder to migrate to OAuth 2.0 or OpenID Connect


Posted by William Denniss, Product Manager, Identity and Authentication

Over the past few years, we’ve publicized that ClientLogin, OAuth 1.0 (3LO)[1], AuthSub, and OpenID 2.0 were deprecated and would shut down on April 20, 2015. We’re moving away from these older protocols in order to focus support on the latest Internet standards, OAuth 2.0 and OpenID Connect, which increase security and reduce complexity for developers.

The easiest way to migrate to these new standards is to use the Google Sign-in SDKs (see the migration documentation). Google Sign-in is built on top of our OAuth 2.0 and OpenID Connect infrastructure and provides a single interface for authentication and authorization flows on Web, Android and iOS.

If the migration for applications using these deprecated protocols is not completed before the deadline, the application will experience an outage in its ability to connect with Google (possibly including the ability to sign in) until the migration to a supported protocol occurs. To avoid any interruptions in service, it is critical that you work to migrate prior to the shutdown date.

If you need to migrate your integration with Google:

  • Migrate from OpenID 2.0 to Google Sign-in
  • Migrate from OAuth 1.0 to OAuth 2.0
  • For AuthSub and ClientLogin, there is no migration support. You’ll need to start fresh with OAuth 2.0, and users will need to re-consent.

If you have any technical questions about migrating your application, please post questions to Stack Overflow under the tag google-oauth or google-openid.

[1] 3LO stands for 3-legged OAuth: there’s an end-user who provides consent. In contrast, 2-legged OAuth (2LO) corresponds to enterprise authorization scenarios, where organization-wide policies control access. Both OAuth 1.0 3LO and 2LO flows are deprecated.
