Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Google+ API Shutdown #1160

Closed
jakubgs opened this issue Mar 5, 2019 · 0 comments
Closed

Google+ API Shutdown #1160

jakubgs opened this issue Mar 5, 2019 · 0 comments

Comments

@jakubgs
Copy link
Contributor

jakubgs commented Mar 5, 2019

I don't know if you've heard but Google is closing it's Google+ legacy API:
https://developers.google.com/+/api-shutdown
https://developers.google.com/+/scopes-shutdown

You should update your app to only use the recommended scopes. For example, when:
making OAuth requests

I found that you are using passport-google-oauth2 for Google OAuth:

codimd/lib/web/auth/google/index.js

Line 5 in e48342a

var GoogleStrategy = require('passport-google-oauth20').Strategy

And there is an issue in their repo related to this:
jaredhanson/passport-google-oauth2#50
And this specific comment explains that it already supports it:
jaredhanson/passport-google-oauth2#50 (comment)
Which is handled by this PR:
jaredhanson/passport-google-oauth2#51
And states:

The easiest migration path for users of this module is to provide userProfileURL: https://www.googleapis.com/oauth2/v3/userinfo, in the strategy options

Like so:

new GoogleStrategy({
  clientID: GOOGLE_CLIENT_ID,
  clientSecret: GOOGLE_CLIENT_SECRET,
  callbackURL: "http://www.example.com/auth/google/callback",
  // This option tells the strategy to use the userinfo endpoint instead
  userProfileURL: "https://www.googleapis.com/oauth2/v3/userinfo",
}

I can see this has not been done in your module:

codimd/lib/web/auth/google/index.js

Lines 11 to 15 in e48342a

passport.use(new GoogleStrategy({
clientID: config.google.clientID,
clientSecret: config.google.clientSecret,
callbackURL: config.serverURL + '/auth/google/callback'
}, passportGeneralCallback))

My question is: Does CodiMD require this change to continue to have Google OAuth work correctly?
@SISheogorath SISheogorath mentioned this issue Mar 5, 2019
Merged
pandy1988 pushed a commit to pandy1988/codimd that referenced this issue Sep 13, 2019
@SISheogorath
Add required change for Google+ API deprecation
4f93ed5 
Since Google+ is shutting down soon, we need to get the profile data
from another URL. Since the library already supports it, all we need to
do is adding a single line of code.

Details:
hackmdio#1160

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
edgarogh pushed a commit to WartaPoirier-corp/codimd that referenced this issue Sep 21, 2021
@davidmehren
Merge pull request hackmdio#1160 from hedgedoc/renovate/master-aws-sd…
d8ff664 
…k-2.x

Update dependency aws-sdk to ^2.888.0 (master)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jakubgs