What do I need to change for Google+ APIs and OAuth shutdown?

I received an email from Google with the following content:

Hello Google+ Developer,

The email below contains your most recent usage of Google+ APIs. Note: It includes Google+ OAuth scope requests, which are also affected by the Google+ shutdown. A prior email sent to active API callers did not include information about OAuth requests. One final reminder email will be sent in February to users who still have active API or OAuth request activity.

What do I need to know?

On March 7, 2019, all Google+ APIs and Google+ Sign-in will be shut down completely. This will be a progressive shutdown, with API calls starting to intermittently fail as early as January 28, 2019, and OAuth requests for Google+ scopes starting to intermittently fail as early as February 15, 2019.

What do I need to do?

Please update your projects listed below by March 7, 2019 and ensure they are no longer using Google+ APIs, or requesting Google+ OAuth scopes. The data below shows which Google+ API methods your projects have recently called, as well as Google+ OAuth scopes it has requested.

Note: If you see calls to people.get, these can be the result of using the Google+ Sign-In feature in your application, which is now fully deprecated and is being shut down. Developers should migrate from the Google+ Sign-In feature to the more comprehensive Google Sign-in authentication system.

| Project   | Google+ API Name  | Version | Method or OAuth Scope  |
|   A       | plus              | v1      | plus.people.get        |
|   B       | plus              | v1      | plus.people.get        |

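I am using Passport and this plugin for Google to avoid storing passwords for users. But I also need the email address. I tried to use only the email scope, but that did not work, so that is why I use both scopes. Here is a snippet of how I use it:

I request two scopes; here is the snippet: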

const express = require('express');
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;

// CLIENT_ID, CLIENT_SECRET and CALLBACK_URL are defined elsewhere (not shown).

// Register the session (de)serializers and the Google OAuth 2.0 strategy.
const auth = function (passport) {
    passport.serializeUser((user, done) => {
        done(null, user);
    });
    passport.deserializeUser((user, done) => {
        done(null, user);
    });
    passport.use(new GoogleStrategy({
            clientID: CLIENT_ID,
            clientSecret: CLIENT_SECRET,
            callbackURL: CALLBACK_URL
        },
        (token, refreshToken, profile, done) => {
            return done(null, {
                profile: profile,
                token: token
            });
        }));
};

const app = express();
auth(passport);
app.use(passport.initialize());

// Start the OAuth flow, requesting only the profile and email scopes.
app.get('/auth/google', passport.authenticate('google', {
    scope: ['profile', 'email']
}));

So now I am a bit confused, because I don't use the plus.people.get scope. Even on the documentation page they recommend using profile and email. So why am I getting the email?

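The issue isn't that you are using the plus.profile scope, but rather that the library uses the HTTP endpoint for plus.people.get to get the profile information. Even if you are not using the plus scopes, the best practice three years ago was to use the plus endpoint to get profile information.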

There is a pull request to change the endpoint that is used. I'm not clear why it hasn't been merged, but it should be soon.

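In the meantime, you can also configure the endpoint by specifying it in the userProfileURL attribute when creating the GoogleStrategy object. So the code would look like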

passport.use(new GoogleStrategy({
        clientID: CLIENT_ID,
        clientSecret: CLIENT_SECRET,
        callbackURL: CALLBACK_URL,
        userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo'
    },
    (token, refreshToken, profile, done) => {
        return done(null, {
            profile: profile,
            token: token
        });
    }));

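There is also another module that uses OpenID (which Google supports) to get the profile information. You may wish to switch to this one, as it appears to be supported.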
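
As an added example (not part of the original answer and not the passport library's code): pointing userProfileURL at the userinfo endpoint changes the JSON the profile is built from, from the Google+ people.get shape to the OpenID Connect userinfo shape. The hypothetical helper `normalizeGoogleProfile` below accepts either raw body, keys the account on the stable identifier rather than the email, and marks the email as verified only when the userinfo response says so; both sample bodies are constructed.

```javascript
'use strict';

// Constructed sample bodies (not captured traffic): the legacy Google+
// people.get shape and the OpenID Connect userinfo shape.
const LEGACY_PLUS_BODY = {
  id: '1000000000000000001',
  displayName: 'Alice Example',
  name: { familyName: 'Example', givenName: 'Alice' },
  emails: [{ value: 'alice@example.com', type: 'account' }]
};
const USERINFO_BODY = {
  sub: '1000000000000000001',
  name: 'Alice Example',
  email: 'alice@example.com',
  email_verified: true
};

// Hypothetical helper: turn either response body into one account record.
function normalizeGoogleProfile(body) {
  if (body === null || typeof body !== 'object') {
    throw new TypeError('profile body must be an object');
  }
  // userinfo calls the stable account identifier "sub"; people.get called it "id".
  const id = body.sub !== undefined ? body.sub : body.id;
  if (typeof id !== 'string' || id === '') {
    throw new Error('profile has no stable subject identifier');
  }
  // "name" is a string in userinfo but an object in the legacy shape.
  const displayName = typeof body.name === 'string' ? body.name : (body.displayName || null);
  let email = null;
  let emailVerified = false;
  if (typeof body.email === 'string') {
    email = body.email.toLowerCase();
    // Only an explicit true counts; a missing or false claim stays unverified.
    emailVerified = body.email_verified === true || body.email_verified === 'true';
  } else if (Array.isArray(body.emails)) {
    // The legacy shape has no verification claim, so emailVerified stays false.
    const account = body.emails.find(
      (e) => e && e.type === 'account' && typeof e.value === 'string');
    if (account) email = account.value.toLowerCase();
  }
  return { id, displayName, email, emailVerified };
}

console.log(normalizeGoogleProfile(USERINFO_BODY));
console.log(normalizeGoogleProfile(LEGACY_PLUS_BODY));
```
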