Reputation: 101
Google oAuth 2.0 new authorization and token endpoint
I will update my code for Google oAuth2.0 web-views disallow warning. I found the authorization and token endpoints had changed in document.
I use the endpoint as follows since 2014.
- "accounts.google.com/o/oauth2/auth"
- "accounts.google.com/o/oauth2/token"
new endpoint as follows
- "accounts.google.com/o/oauth2/v2/auth"
- "www.googleapis.com/oauth2/v4/token"
I try my code for old and new endpoint. It works on all endpints. Can I still use old endpoints? or Have expired date for old endpoints?
Thanks!
Upvotes: 10
Views: 10373
Answers (1)
Reputation: 2063
In order to be fully compliant with the OpenIDConnect spec, We created the new endpoints because we didn't want to break existing developers. So the new endpoints are OpenIDConnect complaint (and tools find them through discovery doc). There are minor changes (I don't remember all of them at the moment) .. e.g. issuer in the id_token is https://accounts.google.com instead of accounts.google.com
Since many new open source tools in the future (which you may use) will be OpenIDConnect complaint, I suggest using the new ones. We don't have any plans to deprecate the old ones but will continue to monitor the usage and decide if it is worth deprecating if all the traffic shifts to new ones.
Upvotes: 9
Related Questions
- Google API OAuth2
- Using Google's OAuth 2.0 revoke endpoint invalidates all other tokens for user
- Use google oauth2 with Go
- Endpoints Google ID JWT, and Golang oauth2: have id_token, need access_token?
- Google OAuth 2 authorization - swapping code for token
- OAuth 2.0 Access Tokens and Refresh Tokens
- Cannot authenticate anymore with new Google OAuth 2.0 token endpoint (v3)
- Google OAuth 2.0 inconsistent token type?
- Google Cloud Endpoints gwt Oauth2 authentication
- Using Google experimental implementation of OAuth 2.0 to access existing API endpoints