0

we have users who authenticated via the google hybrid Openid (OpenId+OAuth1 [0]) protocol. To use the newer APIs from google we have to change to oauth2 based authentication. Is there a way to know after an oauth2 login if he is one of our openid users?

the ids look very different. A userid in google_oauth2 looks like this: 

12345678901234567890

and a userid in google hybrid looks like this: 

https://www.google.com/accounts/o8/id?id=AItOawnlIGFin5I0F059UdqSYbK9JmA99e99ms

Is there some way to fit this together? Is there an oauth based call i could make to retrieve such an openid userid? Since we use it for login purposes i would not want to put 2 google login buttons on the login page. I can hardly imagine our users to understand this.

Is there a common strategy to resolve such issues?

[0] https://developers.google.com/accounts/docs/OpenID#oauth

squiddle
  • 1,259
  • 8
  • 17

2 Answers2

0

Google talks about a combination OpenId/OAuth call that should do what you need. However, all the links in the document are to OAuth 1.0. So you will need to investigate to make sure it works with OAuth 2.0, since Google's deprecated the OAuth 1.0 interface.

Mark S.
  • 3,849
  • 4
  • 20
  • 22
0

Ok, it seems i have a way to do it. Have to implement and check but theoretically it should work like this:

send user to oauth2 login 
    -> if known, log him in
    -> if unknown send him to openid with immediate mode
          -> if successfull log him in, associate the former oauth connection
          -> if error the user is unknown and will be created with his oauth token

Immediate mode could also fail if the user was not logged in with google, but since he just came back from the oauth2 dance he would have to have logged out in between which is very unlikely since he gets redirected immediately.

squiddle
  • 1,259
  • 8
  • 17