Google Authentication Deprecation | "Your client application uses libraries for user authentication or authorization that will soon be deprecated." #489
Comments
jaibatrik
added
help_wanted
|
I have the same error |
|
I also have this issue and am somewhat confused by the comments in #473 as to whether it is supposed to be resolved? The merge listed above seems to imply the fix should be in the latest version of this package (though he lists v4.1.0 which is the last version number of the old package location). I currently have installed the latest version of the new package location (i.e. @abacritt/angularx-social-login v1.0.2) and I am still getting the error message in the console. Is the fix actually in @abacritt/angularx-social-login yet? A clarification on the version numbering since the package location migration would help here too :)
|
|
Hm - so i'm using the version compatible with angular v11: @jaibatrik will the migration to the new google library also be moved to the older versions to remain compatble with older angular versions or not? |
|
Hi ! I'm using angular cli 13.3.5 but got the same error here ! |
|
Hi, I'm using angular CLI 9.1.12 but got the same error here, Please help me how to fix this issue |
|
Looking for PR to fix it in the lates version at least. It will be great if someone can send a PR for this. |
|
Same issue here |
|
Are there any updates on this? |
|
I've deployed the changes. We had to change the packaging in NPM, so it's now under the |
|
Does new release resolve the issue for someone? I've downloaded the latest version and here is what I have at app initialisation. {
details: "You have created a new client application that uses libraries for user authentication or authorization that will soon be deprecated. New clients must use the new libraries instead; existing clients must also migrate before these libraries are deprecated. See the [Migration Guide](https://developers.google.com/identity/gsi/web/guides/gis-migration) for more information."
error: "idpiframe_initialization_failed"
}Sign In/ Sign Up with Google also fails with an error: It opens modal window, allows to enter and submit credentials and then fails. My setup: Nothing unusual. Just imports the SocialLoginModule, registers provider and calls |
happens the same on me :C |
|
Happens to me as well, even though I have downloaded the latest version of the package. I went into the code of the The flow has changed a lot with the new update. I was able to update the Basic implementation to get the accessToken NB NB2 To be used like this Some useful links |
|
@Tim-mhn Thanks for your work on this. I haven't explored the new API myself, but would you be okay with me "or someone from the community" to adapt this and update the lib with it? |
|
W/e. I Hope u find a solution. I am busy right now with a personal project,
could you help me? It really makes me silly to get data from a service and
paint it in a form but I'm a novice at this and I don't have anyone to help
me.
Regards,
Diego Del Barrio Ayuso
El jue, 26 may 2022 a las 11:57, Tim Meehan ***@***.***>)
escribió:
… Happens to me as well, even though I have downloaded the latest version of
the package.
I went into the code of the google-login-provider.ts and it still uses
the old JS script *https://apis.google.com/js/api.js
<https://apis.google.com/js/api.js>*. It should be *https://accounts.google.com/gsi/client
<https://accounts.google.com/gsi/client>* instead.
The flow has changed a lot with the new update. I was able to update the
initialize and signIn functions to retrieve the *accessToken* (see
below). However, it seems much harder to get the *tokenId* and, thus, the
profile information (name, email, emailVerified ...). It appears that
Google is forcing to use their own button component which comes inside an
iframe, making it very hard to have a pure JS solution.
Basic implementation to get the accessToken
initialize(): Promise<void> {
return new Promise((resolve, reject) => {
try {
this.loadScript(
GoogleLoginProvider.PROVIDER_ID,
'https://accounts.google.com/gsi/client',
() => {
this.client = google.accounts.oauth2.initTokenClient({
...this.initOptions,
client_id: this.clientId,
callback: (r) => {
console.log(r);
},
// allowed_parent_origin: 'http://localhost:4200' // had to add this to make it work on localhost for the moment
});
resolve();
} catch (err) {
reject(err);
}
}
signIn(signInOptions?: any): Promise<SocialUser> {
const options = { ...this.initOptions, ...signInOptions };
return new Promise((resolve, reject) => {
this.client.callback = (response) => {
// response has the following shape
// { access_token, authuser, expires_in, prompt, provider, scope, token_type }
console.log(response)
resolve()
};
this.client.requestAccessToken();
})
}
NB: I even tried to create an invisible google button and click it from JS
but I'm unauthorized to do this since it's inside an iframe :/
Some useful links
JS API
<https://developers.google.com/identity/gsi/web/reference/js-reference#google.accounts.id.initialize>
Google Identity Services migration
<https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#implicit-flow_2>
—
Reply to this email directly, view it on GitHub
<#489 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALVI6Y3NNZHOFGIGWLVWX63VL5DIVANCNFSM5TR6DSUQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
Hi there, working with Angular 8 version and angularx-social-login 2.2.1. |
|
I have been working on it since yesterday. I was able to implement a JS-only solution and retrieve the user's profile information (name, email ...) and an authorization token. But i haven't been able to get the id token, which might be necessary for some users of this library (it's the case for our team). I will keep you updated if i make some progress next week. In the mean time, you can always add |
|
Awesome, thanks!
El El vie, 27 may 2022 a las 14:02, Tim Meehan ***@***.***>
escribió:
… I have been working on it since yesterday. I was able to implement a
JS-only solution and retrieve the user's profile information (name, email
...) And a authorization token But i havent been able to get the id token,
which might be necessary for some users of this library (it's the case for
us).
In the mean time, you can always add plugin_name: "any string you want"
to the options as mentionnés above, it will temporarily do the trick
—
Reply to this email directly, view it on GitHub
<#489 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALVI6Y76X42EXRAHALQ4F3DVMC2UBANCNFSM5TR6DSUQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
@Tim-mhn Thanks for your efforts. I also need the id token. Seems we have to use the Sign in with Google API.
But that indeed seems to require the renderButton call to get the token response. Something like this: google.accounts.id.initialize({
client_id: '',
callback: handleCredentialResponse,
allowed_parent_origin: 'http://localhost:4200'
});
google.accounts.id.renderButton(parentElement);Which indeed is not what we want in this I currently see 3 options:
|
Thanks for your feedback. I am under the same impression :/
|
|
I can imagine it is impossible to click the iframe embedded button. Not my expertise though. Getting an id token in a different way using the OAuth2 library is probably discouraged because this requires a correct (secure) implementation:
The Microsoft library implements client side Authorization Code Flow with PKCE:
Google doesn't seem to offer the same. If we need to build our custom implementation of the implicit flow (or better the Authorization Code Flow with PKCE, if possible) with the Google API, we need to be careful to do it securely. I understand the basics of the authentication flows and some vulnerabilities, but this is not my expertise. I can see that the Google button is the more secure way. Edit: I think this can be used to get a code with a request to https://accounts.google.com/o/oauth2/v2/auth It would be a generic OpenID Connect Authorization Code Flow with PKCE. |
I'm not sure if this could work since you need to pass in the On a side-note, this is the code that was able to come up with to get the user's information using the |
Using the |
Honestly I think this is the exact way to go (for implicit authorization) if you want to preserve the current custom button, otherwise it should be their button. They say it's ok to call the OAuth 2.0 API endpoints here |
|
Meantime, if anybody needs it, |
|
Thanks for the repo @ShemiNechmad |
|
Hi @Heatmanofurioso I reopened that PR I closed some days ago. #507 Can anyone propose Pull Requests in this repo ? Or should we be listed as contributor first ? |
|
I believe you need to be a contributor @Jin-K But you can just use that PR, and I can effectively accept it if we agree on it |
|
@ShemiNechmad thanks for your help man. Do you know how can I ask user to grant additional permissions to read from their calendar for example? (scopes) in the previous version of the google library I used to be able to that. I found that in the gis library there are two methods in which you can pass a scope parameter, however they don't return a valid JWT token. these methods are : google.accounts.oauth2.initTokenClient and google.accounts.oauth2.initCodeClient. the problem is that I need a JWT token to pass to my backend in order to validate it with a .NET library made by Google which is Google.Apis.Auth package. |
|
@edoremo00 to get a jwt token that you can decode by yourself later, you need to call ref: https://developers.google.com/identity/gsi/web/guides/overview I strongly recommend to install @types/google.accounts as devDependency to benefit of the documentation on the Google Identity library |
@edoremo00 you can check out this repo, you have a working html-based example. The crendential returned in the callback (see |
|
@Tim-mhn thank you for the repo. I used it however the problem remains. the credential returned is a JWT token but you can't request scopes for using a particular API. passing that JWT to a Google API will result in a 401 unauthorized as you didn't request the scope for it but you just made a Login. Previously you were able to request additional scopes in the login phase. |
|
@Jin-K so now it's a two step thing? first I need to log in the user and than if I want to use a Google API, like Calendar I need to call either |
It's a downgrade I agree 😥 |
|
@Jin-K do you know the difference between initTokenclient and initCodeclient? |
|
@edoremo00 I already replied that, and I'm not working for Google. I also can't understand why the made it so complex to integrate 2 of their own products. If you want to get both at the same time and avoid their iframed button, you should try what @Tim-mhn proposes: getting the access token first with initTokenClient, and immediatelly get the id token via a http request. |
Heatmanofurioso
changed the title
|
The functionality has slightly changed, but it should be working fine. If there's any issues further one, we can always reopen this issue |
I got this warning in the console:
https://imgur.com/a/I3mACzR
Here is the link:
https://developers.google.com/identity/gsi/web/guides/gis-migration
Here is how I log in with Google:
private authService: SocialAuthService,...
Could you please fix Google SocialAuthService so we don't need to make any change in the code to make the warning disappear?
The text was updated successfully, but these errors were encountered: