问题
I use Passport.js and passport-google-oauth20 in my nodejs aplication for authenticating with a "Google Strategy". I just received an email from Google indicating that I use "plus.people.get" from the Google+ API and that it will be deprecated. Should I change something? I do not use directly this API call but maybe Passport does?
回答1:
Yes the Google OAuth strategy for Passport currently uses the Google+ API endpoints for retrieving the user's profile information.
If you disable the Google+ API integration from Google console on https://console.developers.google.com/apis/dashboard then the sign-in with Google will not work for your application. The error received back from Google contains this message:
GooglePlusAPIError: Access Not Configured. Google+ API has not been used in project xxxxxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=xxxxxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
In order for your application to work properly having Google+ API disabled, you have to use this strategy option:
userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo'
var GoogleStrategy = require('passport-google-oauth20').Strategy;
passport.use(new GoogleStrategy({
clientID: GOOGLE_CLIENT_ID,
clientSecret: GOOGLE_CLIENT_SECRET,
callbackURL: "http://www.example.com/auth/google/callback",
userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo'
},
function(accessToken, refreshToken, profile, cb) {
...
}
));
来源:https://stackoverflow.com/questions/53887010/is-the-google-strategy-in-passport-js-deprecated-with-the-end-of-google