
[Action Required] Migrate your OAuth out-of-band flow to an alternative method before Oct. 3, 2022 #25

Closed
spkane opened this issue May 4, 2022 · 6 comments · Fixed by #34


spkane commented May 4, 2022

It appears that the OAuth approach used by this tool is being deprecated. Is this correct, or is there an easy way to migrate this to the newer OAuth system?


[Action Required] Migrate your OAuth out-of-band flow to an alternative method before Oct. 3, 2022

Our records indicate you have OAuth clients that used the OAuth OOB flow in the past.


Hello Google OAuth Developer,

We are writing to inform you that OAuth out-of-band (OOB) flow will be deprecated on October 3, 2022, to protect users from phishing and app impersonation attacks.

What do I need to know?
Starting October 3, 2022, we will block OOB requests to Google’s OAuth 2.0 authorization endpoint for existing clients. Apps using OOB in testing mode will not be affected. However, we strongly recommend you to migrate them to safer methods as these apps will be immediately blocked when switching to in production status.

Note: New OOB usage has already been disallowed since February 28, 2022.

Below are key dates for compliance:

  • September 5, 2022: A user-facing warning message may be displayed to non-compliant OAuth requests
  • October 3, 2022: The OOB flow is blocked for all clients and users will see the error page.

Please check out our recent blog post about Making Google OAuth interactions safer for more information.

What do I need to do?
Migrate your app(s) to an appropriate alternative method by following these instructions:

  • Determine your app(s) client type from your Google Cloud project by following the client links below.
  • Migrate your app(s) to a more secure alternative method by following the instructions in the blog post above for your client type.
  • If necessary, you may request a one-time extension for migrating your app until January 31, 2023. Keep in mind that all OOB authorization requests will be blocked on February 1, 2023.

The following OAuth client(s) will be blocked on Oct 3, 2022.

OAuth client list:

  • Project ID: REDACTED
  • Client: REDACTED

Thanks for choosing Google OAuth.

— The Google OAuth Developer Team

© 2022 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043

You have received this mandatory service announcement to update you about important changes to Google services you use.

@spkane
Author

spkane commented May 4, 2022

@kazrakcom Do you know if I just need to change something on my side, or if this will require code changes in calblink to support?

@kazrakcom
Collaborator

I suspect we'll need a code change; I'll investigate that later this week.

@spkane
Author

spkane commented May 4, 2022

Thanks! I honestly love this tool and would hate to lose access to it. That little LED does a good job of pulling me out of a coding trance and making sure I show up to appointments and meetings on time. :-)

@kazrakcom
Collaborator

Okay, yes, this will require some code updates. (I just got the same email.) I don't think they'll be that bad, and hopefully I'll have an update out by the end of next week.

@kazrakcom
Collaborator

I don't see an easy fix for this in the golang OAuth2 code at the moment, so I'm going to push on them a bit for a general solution instead of rolling my own. If it looks like they aren't going to sort it out quickly enough, then I'll roll my own and maybe see if I can push something upstream. But I doubt that will be necessary.

@kazrakcom
Collaborator

Update on this: as there has been no movement on the Calendar API doc front, I've worked up a fix to this myself. I'm going to run it past some friends of mine that are better at Go to confirm it isn't completely horrible before I release it, but it should be out soon.
