New Google Identity Service Migration with PHP Client library - google-oauth

I got a warning from google stating "your client ID(s) use the legacy Google Sign-In web solution".
And we are asked to migrate to the new Google Identity Services.
We do not use any JS library to sign-in. We have a Google PHP Client library for authentication and authorization.
Google still flagged our client Id and advised to migrate before March 31 2023.
Will this depreciation really affect us?
Can someone help me with the exact changes to be done on our end?

The team has a system that can detect which projects are calling the endpoint used by the deprecated JavaScript sign-in library. They send out emails to the owners of that project. From what I understand from the team they don't know for a fact that you are using it they can just see that your project id is hitting it.
The Google APIs PHP client library does not hit this end point so that part of your code is not the source.
I would just double check around your team and make sure nothing else may be using the old JavaScript library. If you cant find anything then the easiest solution is to just wait once google starts rolling out the deprecation at the end of March someone will come find you if something breaks.

Related

google warns "Unverified developer" for private site with spreadsheets API

I privately host a site for my family that uses the Google Spreadsheets API (readonly). I received an email from google looking to "Remove risky access to your data". My site is listed with a warning:
I've gone through the verification process (filling out this form: https://support.google.com/code/contact/oauth_app_verification) but got the response that if the site is used privately "you don't need to go through the verification process". They state this in their FAQ also: OAuth Developer Verification Form FAQ.
However, the site still shows a warning in Google's security check-up. I can ignore this but I think other family members will be worried unnecessarily OR ignore future warnings about other apps assuming it's the family one they normally ignore.
Is there a way to verify myself as a developer of a private site or mark the access as trusted so the warning doesn't recur?
I ended up making my site public and going through the usual verification process.
Not really an answer, but rather to flag that this is an issue my dilemma as well. Although I run time-based Google Script within an organization. I've contacted folks at the Google Cloud Platform and they have opened a case. However, here is something interesting I've stumbled across just now. Go to your Google account and do Security Checkup
After the checkup your screen might be showing something like this
Try clicking "Dismiss" to prevent Google from removing your app.
I'm just testing it myself and if in an hour (that's how long it usually takes Google to remove your own script from the list of self-authorized apps with access to account info) Google won't remove it, I guess it would work for me!

Google Identity API / GitKit - change domain on a production app

We are using GitKit API in production projects - and there is an urgent need to change the domain of one of our existing projects.
This is normally done under Google Cloud Console - in API Manager under "Identity Toolkit API" -> "Edit" link. Unfortunately, this link is gone - it was probably removed this week?!
We know the new projects should use Firebase Authentication (as announced on Google I/O this year) and we have started to work on upgrading our auth code and we are keen on using it in new projects.
But our existing production projects cannot be migrated easily!
We have not been alerted anyhow in advance, that "Edit" on existing projects will be disabled - and there is no deprecation date specified at https://developers.google.com/identity/toolkit/migrate-firebase or in the alert messages. As paying Google Apps customers we rely on many Google products. This is a very unpleasant surprise.
Is there any way how to restore the "Edit" for "Identity Toolkit API" for existing projects? As I said, we urgently need to adjust a domain of an existing production project. Any help from the Google engineers would be greatly appreciated.
Sorry for the inconvenience. We have rolled out the fix, and the Identity Toolkit API setting page should work now.

OAuth2 Troubles with PicasaWeb API

I have spent the last couple of nights bashing my head against the wall amongst a see of conflicting out of date documentation and semi-helpful blog posts that were/are appropriate to what I am trying to do.
Essentially I want to write a wee personal app do download my images from PicasaWeb/Google+ and store them on my local hard disk.
I have managed to do the following:
Figured out the GData API for the appropriate request to get private album data (works fine in my 'google-logged-in' chrome browser)
Got the correct private data back from my GData URL with the token generated by the OAuth playground.
Managed to get an OAuth2 token back from https://www.googleapis.com/oauth2/v3/token using JWT.
However - when I try my access token I generate myself I get back a forbidden response with the message 'Not authorized to view access private'.
I am pretty stumped - my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff like google+ photos. When I look in there I can see the OAuth playground has access. How do I give my app access - and do I need to in this scenario?
Thanks in advance,
Robert
"my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff".
Totally correct.
I guess I see 2-3 questions per month on SO where people have made the false assumption that a Service Account is some kind of proxy to their Google Account. It isn't. It's a completely new and independent account.
The two approaches you can take are:-
Share the items to the Service Account so it has permission to access them.
Give your app direct access to your Picassa account. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for the steps involved.

Which NuGet package to install for OAuth authorization with Google API Dot Net Client?

I need to simply do this:
I need my application to use OAuth to get a user's full name, email address, gender and date of birth from Google.
I've got the whole deal about how to use OAuth. I've got the workflow and I could myself use the HttpWebRequest or the HttpClient to make requests myself and do it the raw way, which I actually prefer.
But, just to be safe, I want to use the Google API Dot Net Client. I have been reading through the vast amount of documentation about using this monstrous thing and I can't figure out a few basic things:
1) Which Google API do I need to use? Just the Google OAuth API will do? I see in the google dot net client library samples that they all get data from other Google services such as the Drives or Books services/APIs.
If I need just the basic information such as full name, email, gender and date of birth, which service do I need to query using the Google OAuth API?
2) Which NuGet package must I install? There're plenty of them with roughly the same names.
I've read a ton of stuff in the last 2 days about this and there are about 28 tabs open in my browser about this. The more I read, the more it adds to my confusion.
The NuGet package pages on the nuget website have no documentation at all. They must clearly state the purpose and the extent of services that the package provides. The latter is clearly missing. They all seem to have the same one line description instead, which is totally unhelpful.
I even took the source for the google-api-dot-net-client and tried compiling it. I didn't even know which Visual Studio version it was going to open in. I read the solution files in Notepad and they suggested that the version of 2012. So when I opened the solution in Visual Studio for Web 2012 Express, many projects did not open; it said they were incompatible with the version of Visual Studio. Also, the dependencies/references weren't loaded correctly.
I am using Windows 7 Home Premium. I've got Visual Studio Express versions from 2008 to 2013.
I need to use the OAuth API in an ASP.NET MVC application. I've seen various samples. I just need to know the basic set up information such as which binaries and which NuGet packages I need to get and from where.
Update
Hurray to hand-plumbing. I'm doing it by hand. Ditch the .NET client.
All Google.Apis NuGet packages are auto generated. As you can see there are packages for Drive, YouTube, Plus, Storage, AdSense, etc. You can read more about each package in our developers.google.com site. Take a look at the following:
https://developers.google.com/api-client-library/dotnet/ - Contains all the documentation for the .NET client library for Google APIs.
https://developers.google.com/api-client-library/dotnet/apis/ - Contains all the different Google APIs and several references to the API documentation, how to download it using NuGet, etc.
Check out our https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth page. It contains a lot of information about the OAuth 2.0 protocol and several snippets
In addition, just to let you know, you don't need to use any of that:
https://code.google.com/p/google-api-dotnet-client/source/browse/ contains only the core library code that is shared between all those different APIs. All APIs shared the same OAuth 2.0 protocol, the same HTTP components, the same media upload and download mechanism and so on. Every week I update the NuGet packages by running the NuGet publisher.
Hope it makes sense now.

Migration token from AuthSub to OAuth2

Recently, AuthSub died...?
Is it possible to migration from session_token of Authsub to refresh_token of OAuth2 ?
Please tell me how to do it if possible.
Its still supported, but is failing for us as well (and others if search twitter for it). I'm wondering if Google is experience a technical issue with AuthSub or if they made a change (e.g. patch/release) earlier this week that is causing the issues?
We see it working for some Google accounts and fail for others - starting on Dec 10/11. So, its not impacting every Google account.
We are currently not capturing the outgoing requests to google. We are using the library gdata-calendar-1.0.jar to make google calendar api calls using AuthSub and the library is throwing an exception with the exception message "Unknown authorization header". This worked perfectly up until Dec 10/11th or so for all of our users.
What is strange is now the same calls do work for certain gmail accounts but not for others.
In our testing we are seeing that turning off the enhanced security in our web application results in the warning displayed to the user on the Google Authorization page but makes the connection work for the accounts that are failing.
Here are the api calls we are making:
AuthSubUtil.exchangeForSessionToken to connect to the google account
CalendarService.query to get events
CalendarService.insert to insert events in calendar
CalendarService.getFeed to get the calendars
AuthSub is still supported by Google as per Google's deprecation policy.
As for a migration path to OAuth2, currently there is none.