Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Google OpenID 2.0 Deprecation #484

Closed
jerone opened this issue Dec 5, 2014 · 2 comments · Fixed by #564
Closed

Google OpenID 2.0 Deprecation #484

jerone opened this issue Dec 5, 2014 · 2 comments · Fixed by #564
Labels
security Usually relates to something critical.

Comments

@jerone
Copy link
Contributor

jerone commented Dec 5, 2014

More info:

Solutions:
@jerone jerone added the security Usually relates to something critical. label Dec 5, 2014
@Martii Martii added the sooner Sooner would be appreciated. label Dec 5, 2014
@Martii
Copy link
Member

Martii commented Dec 5, 2014

Oh my... Thank you for these links. Labeled as sooner.

@Martii
Copy link
Member

Martii commented Jan 11, 2015

Some notes out loud:

Same maintainer as our current google passport is at https://github.com/jaredhanson/passport-google-oauth with $ npm install passport-google-oauth from https://www.npmjs.com/package/passport-google-oauth ... seems to be a little out of date though but so is the OpenID package from this same project maintainer.

Based off observational stats only the package at https://www.npmjs.com/package/passport-google-auth appears to be the more maintained and contains an issue tracker unlike the other two forks.

This is beyond my capabilities at the moment and this should be completed relatively soon with either deprecation/eol or migration to OAuth google package. Setting to expedite.

@Martii Martii added expedite Immediate and on the front burner. and removed sooner Sooner would be appreciated. labels Jan 11, 2015
@Martii Martii mentioned this issue Jan 23, 2015
Open
@Martii Martii self-assigned this Jan 28, 2015
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Jan 28, 2015
Fix OAuth API Keys update
3b035cd 
* Pro/dev crashes nicely without this.

Applies to OpenUserJS#484
@Martii Martii mentioned this issue Jan 28, 2015
Merged
@Martii Martii removed their assignment Jan 28, 2015
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Jan 28, 2015
Post fix for OpenUserJS#484
e9764a0 
* Most Oauths won't have an array ref in it but just to be sure replace from end
Martii added a commit that referenced this issue Jan 28, 2015
@Martii
Merge pull request #560 from Martii/Issue-484postFix
fe564f3 
Post fix for #484 

Auto-merge
sizzlemctwizzle added a commit that referenced this issue Feb 5, 2015
@sizzlemctwizzle
Silently migrate from OpenID to OAuth2 authentication for Google. Closes
5989ab3 
 #484.
@sizzlemctwizzle sizzlemctwizzle self-assigned this Feb 5, 2015
@sizzlemctwizzle sizzlemctwizzle mentioned this issue Feb 5, 2015
Merged
sizzlemctwizzle added a commit that referenced this issue Feb 5, 2015
@sizzlemctwizzle
Silently migrate from OpenID to OAuth2 authentication for Google. Closes
3af7fad 
 #484.
@Martii Martii added the needs mitigation Needs additional followup. label Feb 5, 2015
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Feb 6, 2015
Misc fixes for OpenUserJS#484
63df266 
* Clarify sizzles identifier a bit
* Add very simple dismissable nag reminder to all pages about OpenUserJS#484 ... this reminder should disappear a bit after April 20th.
* Some automatic editor trailing white-space correction
@Martii Martii mentioned this issue Feb 6, 2015
Merged
Martii added a commit that referenced this issue Feb 6, 2015
@Martii
Merge pull request #567 from Martii/Issue-484postFixes
857e4cd 
Misc fixes for #484 

Auto-merge
@Martii Martii removed the expedite Immediate and on the front burner. label Feb 7, 2015
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Feb 7, 2015
Some dep updates
2e13ba8 
* *bootstrap* notes
** Don't set initial height... this is what was making it open/close automatically... needed in latest *bootstrap*
** `floor` and adjust reminders to top/bottom padding only otherwise viewport horizontal scrollbar appears with this *bootstrap* ... Related to OpenUserJS#484 and starting at OpenUserJS#568
** Remove unused classes at `/user/add/scripts` so it doesn't color differently... e.g. this is probably a bug that was fixed in latest *bootstrap* as well as possible improper usage in our code.
* *mongoose* update
* *sanitize-html* update

Closes OpenUserJS#379
This was referenced Feb 7, 2015
Merged
Merged
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Feb 8, 2015
Start timer on view for reminders
4cfdcdd 
* Do this in case someone hotlinks lower in the page and ends up missing these when traversing

Applies to OpenUserJS#573 and OpenUserJS#484 and more for OpenUserJS#567 and start of OpenUserJS#568
@Martii Martii mentioned this issue Feb 8, 2015
Merged
Martii added a commit that referenced this issue Mar 5, 2015
@Martii
Update README.md
14db6a2 
Post #484 DOC update from google OpenID to OAuth2 package
@Martii Martii mentioned this issue Mar 31, 2015
Closed
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Apr 8, 2015
Update deprecated Google classic/standard auth scope to use Google+ s…
b300317 
…cope

* Change on account here prompted for Google+ profile access and "circles" *(manually changed with the pencil to "only you")*... checks okay.
* Exact deprecation is described at https://developers.google.com/+/api/auth-migration#timetable ... attention point at OpenID deprecation which says to migrate to Google+ signin
* Upgrade reminder to final stage CSS coloring.

Closes OpenUserJS#613 and applies to OpenUserJS#484
@Martii Martii mentioned this issue Apr 8, 2015
Merged
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Apr 11, 2015
Some dep updates
ee942cf 
Mostly bug fixes unless otherwise specified for:

* *ace-builds*
* *octicons*
* *express-session*
* *highlight.js*
* *jwt-simple* ... related to OpenUserJS#484 with some opt on their end and asked for "offline access" permission... have to grant this to login.
* *moment*
* *request*
* *underscore*
@Martii Martii mentioned this issue Apr 11, 2015
Merged
Martii referenced this issue Apr 20, 2015
@sizzlemctwizzle
Hide the Google OAuth migration reminder for logged-in users that don…
4e50b21 
…'t use Google for authentication.
Martii pushed a commit to Martii/OpenUserJS.org that referenced this issue Apr 20, 2015
EOL Google Auth for OpenID deprecation and migration announcement banner
7974dbb 
* This particular reminder is technically past due over at UTC so EOLing
* Leaving code structure in for other critical reminders that may pop up. Recommend leaving the comments in for possible future use since the code is always active in it's current state. Only exception to this should be **if** a complete refactor is done on the reminder structure.
* Neutralized to a template style UI comment and variable naming... in the future if it's "GoogleAuthMigration" or whatever use that for the `aOptions` in case there is more than one or user reminders via .user.js.

Should conclude OpenUserJS#484
@Martii Martii mentioned this issue Apr 20, 2015
Merged
@Martii Martii removed the needs mitigation Needs additional followup. label Apr 27, 2015
@Martii Martii mentioned this issue Feb 4, 2016
Closed
@Martii Martii mentioned this issue Feb 4, 2017
Closed
@Martii Martii mentioned this issue May 7, 2018
Closed
This was referenced Oct 8, 2018
Closed
Closed
@Martii Martii changed the title Google OpenID Deprecation Google OpenID 2.0 Deprecation Mar 12, 2019
Martii added a commit to Martii/OpenUserJS.org that referenced this issue Mar 12, 2019
@Martii
Reenable new goo auths
810b73e 
* Comment in code that `profile` is OAuth 2.0 profile
* Renamed a few PRs and Issues with the OpenID 2.0 naming correction when we switched to native OAuth 2.0 scope which failed down the line from historical comments. Perhaps helping clarify this a bit.

Closes OpenUserJS#1526 and applies to OpenUserJS#613, OpenUserJS#484

Refs:
* https://developers.google.com/identity/protocols/googlescopes#openid_connect
* https://www.gluu.org/blog/oauth-vs-openid-whats-the-difference/ *(Seems like a good explanation of the OpenID Connect aspect of this OAuth2 strategy)*

> ~"OpenID Connect–not OpenID 1.0 or OpenID 2.0 (both previous versions are deprecated!)–is a profile of OAuth 2.0 that defines a workflow for authentication. The big difference between OpenID Connect and OAuth2 is the id_token. There is no id_token defined in OAuth2 because the id_token is specific to federated authentication."

* https://oauth.net/articles/authentication/ *(laid out details)*

NOTE:
* This auth is really a mess between npmjs.com, GH, and all the changes goo has done over the years. This seems to be the path forward but am still relooking at OpenUserJS#889 fallout
@OpenUserJS OpenUserJS locked as resolved and limited conversation to collaborators Apr 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security Usually relates to something critical.
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Silently migrate from OpenID 2.0 to OAuth2 authentication for Google. OpenUserJS/OpenUserJS.org
3 participants
@sizzlemctwizzle @jerone @Martii