Google will disallow OAuth Out-of-band

[centic9]

I received an email from Google stating that OAuth Out-of-band will be disabled sometimes later this year.

I don't know much about OAuth, but I found 'redirect_uris': ['http://localhost', 'urn:ietf:wg:oauth:2.0:oob'], in the sources, which indicates to me that GYB is using this mechanism and thus is affected.

See https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob

Is there a way to switch GYB to a different authentication flow?

[bryantech]

So long and thanks for all the fish. I kid. I am sure Jay will figure out a solution.

[radiant-tangent]

Based on the release notes, it looks like v 1.60 might address this?
https://github.com/GAM-team/got-your-back/releases/tag/v1.60

[centic9]

Ah, do you think the two URIs for redirect_uris mean OOB is only used as fallback if localhost is not working?

[jay0lee]

https://groups.google.com/g/got-your-back/c/w0cT19cSKx0

[jay0lee]

Nope. Just upgrade.

[AlfredJKwack]

Thanks!