Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove dependency on Google Plus APIs #228

Closed
wwalser opened this issue Jun 4, 2016 · 0 comments
Closed

Remove dependency on Google Plus APIs #228

wwalser opened this issue Jun 4, 2016 · 0 comments
Labels
Milestone

Comments

@wwalser
Copy link
Contributor

@wwalser wwalser commented Jun 4, 2016

I was poking around to find out of there is a way to remove the dependency on Google Plus APIs now that Google is splitting Plus out of it's products. Reading Google's latest Identity Platform documentation, it seems that most endpoints are no longer associated with Google Plus at all.

https://developers.google.com/identity/protocols/OAuth2WebServer#callinganapi

While you can use a Google Identity auth key to call Google Plus APIs, such as requesting a users profile, Google Plus is not required for initial authentication. Additionally, the core APIs provide a way of getting a users basic information such as email address and given/family names.

Unfortunately, it appears that last year Bell moved in exactly the opposite direction #108. I suppose that's a side effect of Google making a big bet on Plus which didn't pan out in the end.

I believe the change required is just to modify the URL used to fetch the user profile https://github.com/hapijs/bell/blob/master/lib/providers/google.js#L13 and the code that parses out piece of the user profile (for example changing backward from profile.emails to profile.email.

There are two reason I'm interested in doing this:

  1. I'm unsure of what Google Plus profiles will contain going forward, are new users automatically given a populated Google Plus profile? If not, will their gmail/docs/whatever details be provided instead or nothing at all?
  2. Currently in order to use Bell, Google Plus APIs must be enabled on the developers account. This is an extra requirement over top of having an account and enabling an oAuth application and it's not actually required to get the details that users commonly retrieve for authentication.

Before making such a PR, I wanted to post this issue just to gauge interest. Perhaps I'm wrong in assuming this is a desirable change? Some 3rd party auth systems implement an additional options parameter for Google for the userProfileUrl to use and implement two different parsers depending on the URL provided. Would Bill rather have that as a feature, taking into consideration that that's one more feature to maintain down the road?

@ldesplat ldesplat added this to the 7.9.0 milestone Jun 10, 2016
@ldesplat ldesplat added the feature label Jun 10, 2016
@ldesplat ldesplat removed this from the 7.9.0 milestone Jun 13, 2016
ldesplat added a commit that referenced this issue Jul 17, 2016
Separate Google into two providers. #228
@ldesplat ldesplat closed this Jul 17, 2016
@ldesplat ldesplat added this to the 8.0.0 milestone Jul 17, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.