7

I am currently using the Users API (this one here) with the Go language on my Google App Engine application. My users are getting the warning message when they first grant permissions that says "OpenID 2.0 for Google accounts is going away. Developers should migrate to OpenID Connect by April 20, 2015." But I can't find any warnings in the documentation for the Users API anywhere saying that anything will stop working, like I do all throughout other sections regarding OpenID 2.0 (here).

I am using very little of the Users API code, just to create the login urls like this:

url, _ := user.LoginURLFederated(c, return_url, "www.google.com/accounts/o8/id")

And to read the users' email addresses, like this:

u := user.Current(appengine.NewContext(r))
email := u.Email

Do I need to worry about migrating, or will the Users API handle everything without failing after April 20th?

Blair Connolly
  • 584
  • 2
  • 7
  • 21
  • I was wondering the same. It would be very strange/broken if google's user service was still using oauth1. Maybe only happens to users that first accessed the appspot back when oauth1 was used? If so it would be interesting to know what happens to those after the deadline. I guess they will be offered to signin again. – Zig Mandel Mar 31 '15 at 19:34
  • Old users do not see the message when their sign in cookie expires and all they have to do is sign in to their Google account again. They will get it only if/when they have to re-authorize, which I don't think they have to do unless they explicitly unauthorize my app. I have done this with my own account just to test this out. – Blair Connolly Apr 01 '15 at 14:20
  • 1
    Yes but its not possible to test this until it deprecates. Hope a googler steps in here. – Zig Mandel Apr 01 '15 at 14:30
  • That is my hope! I am getting a little desperate here, I don't want to have to redevelop my entire sign in process just in case, but I just might have to if I don't hear from somebody soon. – Blair Connolly Apr 01 '15 at 14:49
  • Its impossible that user service is broken like that but it might force users to log-in again and that can break things. – Zig Mandel Apr 01 '15 at 18:34
  • Impossible? And why would cause problems if my users had to sign in again? – Blair Connolly Apr 01 '15 at 18:36
  • By impossible i mean google would have informed that userservice wont work. It would be a huge issue if it did stop working. None of the docs say anything. – Zig Mandel Apr 01 '15 at 18:37
  • I believe the warning is related to what you do before calling user.Current (LoginFederated is not OAuth 2.0). Please see these links: https://developers.google.com/accounts/docs/OpenID2?_ga=1.153281464.1089820907.1403527918 and https://developers.google.com/accounts/docs/OpenID#openid-connect – Mario Apr 07 '15 at 15:19
  • I had found those links before I posted my question. What I am not clear about is: does the User service use old OAuth? And if so, will it stop working on the 20th, or will Google update their code in time? Since their are no warnings on the User service documentation, that would lead me to think that I'm ok... it's just a little scary not knowing for sure. – Blair Connolly Apr 07 '15 at 17:39
  • The call user.LoginURLFederated is definitely OpenID. So yes, the way you're using Users is affected by the deprecation and you could expect it to stop working. If you migrate to OAuth 2.0 authentication with Users, your users won't receive the warnings and you'll be safe about the deprecation deadline. – Mario Apr 09 '15 at 05:00
  • @Mario, since the only thing I'm really trying to access is the user.Email, is there really any difference between me using user.LoginURLFederated() vs user.LoginURL()? – Blair Connolly Apr 16 '15 at 14:20
  • I was away for a few days but as Glenn answered, yes, there is a difference and indeed is the point of conflict of your code. – Mario Apr 22 '15 at 06:51

2 Answers2

6

Please read this information: https://developers.google.com/identity/protocols/OpenID2Migration https://developers.google.com/identity/protocols/OpenIDConnect https://developers.google.com/identity/sign-in/auth-migration

You may also find this forum post helpful.

Apps that use user.LoginURLFederated in conjunction with Google Accounts will stop working. These apps need to follow the information in the first link above to migrate.

Apps can continue to use user.LoginURLFederated for use with various other third-party OpenID2 service providers.

Glenn Lewis
  • 287
  • 1
  • 5
2

So, it turns out that the answer is "YES!". Definitely stopped working. The older development versions of my website now take you to an error page when you try to sign in. Luckily I had moved away from the User package before the deadline to the much buggier Google Sign-In for Websites.

Community
  • 1
  • 1
Blair Connolly
  • 584
  • 2
  • 7
  • 21
  • 1
    You say "no", but to what? It sounds like your answer to your original question is actually "yes, it will (did) stop working". – Dave C Apr 29 '15 at 00:18