search

jaredhanson / passport-google-oauth2

Google authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-google-oauth20/?utm_source=github&utm_medium=referral&utm_campaign=passport-google-oauth20&utm_content=about
MIT License
824 stars 153 forks source link

Rewrite to Google Identity Platform? #52

Closed eponymz closed 5 years ago

eponymz commented 5 years ago

More of a query to find out if a rewrite is in the works. Reference: https://developers.google.com/+/api-shutdown

The googleplus.js file references the API being shutdown by google.

/**
 * Parse profile.
 *
 * Parses user profiles as fetched from Google's Google+ API.
 *
 * The amount of detail in the profile varies based on the scopes granted by the
 * user.  The following scope values add additional data:
 *
 *     `https://www.googleapis.com/auth/plus.login` - recommended login scope
 *     `profile` - basic profile information
 *     `email` - email address
 *
 * References:
 *   - https://developers.google.com/+/web/api/rest/latest/people/get
 *   - https://developers.google.com/+/web/api/rest/
 *   - https://developers.google.com/+/web/api/rest/oauth
 *
 * @param {object|string} json
 * @return {object}
 * @access public
 */
exports.parse = function(json) {
  if ('string' == typeof json) {
    json = JSON.parse(json);
  }

  var profile = {}
    , i, len;
  profile.id = json.id;
  profile.displayName = json.displayName;
  if (json.name) {
    profile.name = { familyName: json.name.familyName,
                     givenName: json.name.givenName };
  }
  if (json.emails) {
    profile.emails = [];
    for (i = 0, len = json.emails.length; i < len; ++i) {
      profile.emails.push({ value: json.emails[i].value, type: json.emails[i].type })
    }
  }
  if (json.image) {
    profile.photos = [{ value: json.image.url }];
  }
  profile.gender = json.gender;

  return profile;
};

Same with strategy.js. This will render this library useless until rewritten.

function Strategy(options, verify) {
  options = options || {};
  options.authorizationURL = options.authorizationURL || 'https://accounts.google.com/o/oauth2/v2/auth';
  options.tokenURL = options.tokenURL || 'https://www.googleapis.com/oauth2/v4/token';

  OAuth2Strategy.call(this, options, verify);
  this.name = 'google';
// this endpoint is part of the shutdown
  this._userProfileURL = options.userProfileURL || 'https://www.googleapis.com/plus/v1/people/me';

  var url = uri.parse(this._userProfileURL);
  if (url.pathname.indexOf('/userinfo') == (url.pathname.length - '/userinfo'.length)) {
    this._userProfileFormat = 'openid';
  } else {
    this._userProfileFormat = 'google+'; // Google Sign-In
  }
}
eponymz commented 5 years ago

Closing. Did not see #50

jaredhanson commented 5 years ago

passport-google-oauth20@2.0.0 has been published to npm. More information here: https://medium.com/passportjs/google-api-shutdown-330c3b47e3df

eponymz commented 5 years ago

@jaredhanson thank you for getting back on this! What's involved if i manually changed the profile URL? Will updating cause issues? This is my passport.js https://github.com/eponymz/prerelease-toolkit/blob/master/services/passport.js

UPDATE just looked at the source files i referenced. Looks like you still allow options.userProfileURL. Awesome.