A final farewell to ClientLogin OAuth 1 0 3LO AuthSub and OpenID 2 0

Posted by William Denniss, Product Manager, Identity and Authentication

Support for ClientLogin, OAuth 1.0 (3LO¹), AuthSub, and OpenID 2.0 has ended, and the shutdown process has begun. Clients attempting to use these services will begin to fail and must be migrated to OAuth 2.0 or OpenID Connect immediately.

To migrate a sign-in system, the easiest path is to use the Google Sign-in SDKs (see the migration documentation). Google Sign-in is built on top of our standards-based OAuth 2.0 and OpenID Connect infrastructure and provides a single interface for authentication and authorization flows on Web, Android and iOS. To migrate server API use, we recommend using one of our OAuth 2.0 client libraries.

We are moving away from legacy authentication protocols, focusing our support on OpenID Connect and OAuth 2.0. These modern open standards enhance the security of Google accounts, and are generally easier for developers to integrate with.

¹3LO stands for 3-legged OAuth where theres an end-user that provides consent. In contrast, 2-legged (2LO) correspond to Enterprise authorization scenarios such as organizational-wide policies control access. Both OAuth1 3LO and 2LO flows are deprecated, but this announcement is specific to OAuth1 3LO.

Read More..

Reminder to migrate to OAuth 2 0 or OpenID Connect

Posted by William Denniss, Product Manager, Identity and Authentication

Over the past few years, we’ve publicized that ClientLogin, OAuth 1.0 (3LO)¹, AuthSub, and OpenID 2.0 were deprecated and would shut down on April 20, 2015. We’re moving away from these older protocols in order to focus support on the latest Internet standards, OAuth 2.0 and OpenID Connect, which increase security and reduce complexity for developers.

The easiest way to migrate to these new standards is to use the Google Sign-in SDKs (see the migration documentation). Google Sign-in is built on top of our OAuth 2.0 and OpenID Connect infrastructure and provides a single interface for authentication and authorization flows on Web, Android and iOS.

If the migration for applications using these deprecated protocols is not completed before the deadline, the application will experience an outage in its ability to connect with Google (possibly including the ability to sign in) until the migration to a supported protocol occurs. To avoid any interruptions in service, it is critical that you work to migrate prior to the shutdown date.

If you need to migrate your integration with Google:

• Migrate from OpenID 2.0 to Google Sign-in
• Migrate from OAuth 1.0 to OAuth 2.0
• For AuthSub and ClientLogin, there is no migration support. You’ll need to start fresh with OAuth 2.0 and users need to re-consent

If you have any technical questions about migrating your application, please post questions to Stack Overflow under the tag google-oauth or google-openid.

¹ 3LO stands for 3-legged OAuth: Theres an end-user that provides consent. In contrast, 2-legged (2LO) correspond to Enterprise authorization scenarios: organizational-wide policies control access. Both OAuth1 3LO and 2LO flows are deprecated.

Read More..