Update to Google+ API endpoint, add deprecation warnings

jaredhanson / passport-google-oauth

Google authentication strategies for Passport and Node.js.

https://www.passportjs.org/packages/passport-google-oauth/?utm_source=github&utm_medium=referral&utm_campaign=passport-google-oauth&utm_content=about

MIT License

776 stars 327 forks source link

Update to Google+ API endpoint, add deprecation warnings #66

Closed jaredhanson closed 9 years ago

jaredhanson commented 9 years ago

Builds on #45, with changes:

scope is not defaulted to "profile". Rationale: providers are frequently changing their recommended best practices, and assuming defaults in the library leads to maintenance requirements on an third-party schedule. This is not something I want to be responsible for, so applications need to pass in their own scopes (and be responsible for tracking changes)
adjusted deprecation warnings to account for scope being passed as a string, rather than an array, which is allowed by the strategy

jaredhanson commented 9 years ago

Reviewing this further. The https://www.googleapis.com/plus/v1/people/me endpoint has a completely different response format than https://www.googleapis.com/oauth2/v1/userinfo so the profile parsing needs to be updated. I'll handle this, but just wanted to confirm with you that this is the behavior you would expect.

Don't want to leave any loose threads before publishing to npm. Thanks.

ilanbiala commented 9 years ago

@jaredhanson with the new API, will I be able to set the login_hint for OAuth through Google to make it easier for users? Ideally all the Authentication parameters are supported from https://developers.google.com/accounts/docs/OpenIDConnect#login-hint.

jaredhanson commented 9 years ago

@ilanbiala you should be able to. I haven't explicitly tested every option that Google supports, but I haven't removed anything from this strategy itself. If there is any behavioral difference, it is due to a Google change, which can be ported back here if necessary.