OAuth out-of-band (OOB)

Opteo / google-ads-api

Google Ads API client library for Node.js

https://opteo.com

MIT License

270 stars 90 forks source link

OAuth out-of-band (OOB) #421

Closed nvelickovic10 closed 1 year ago

nvelickovic10 commented 2 years ago

Hello, I got a message from Google stating: "We're writing to remind you that the OAuth out-of-band (OOB) flow will be deprecated on October 3, 2022, to protect your users from phishing and app impersonation attacks."

Is this library affected by this, and if so how can we migrate to the more secure flow?

brettwray commented 2 years ago

+1, I got the same emails from Google, when I check the credentials that the email says are related they're the ones we use for our Google Ads reporting with this package. Tried searching the google-auth-library package for OOB flow and couldn't find anything.

mkosik commented 2 years ago

+1 can some of the lib authors please elaborate on this one?

wcoots commented 2 years ago

@nvelickovic10 @brettwray @mkosik First I've heard of this, do any of you have an article or a resource you can send to elaborate?

assaf commented 2 years ago

Basically OOB is when part of the authentication flow happens outside the browser — out-of-band — user receives the authorization code directly and manually enters it into the client app.

For example, you might have a page that authenticates the user, and shows them an authorization code. The user manually enters that code into another app — Windows app (back in the days), CLI tool, cron job, etc.

wcoots commented 1 year ago

Looks like this hasn't affected the API