Discontinuing authorization support for the Google Sign-In JavaScript Platform Library

March 01, 2022


Link copied to clipboard

Posted by Brian Daugherty, Product Solutions Engineer

Last year, we announced our plan to deprecate the Google Sign-In JavaScript Platform Library for web applications.

On March 31, 2023 we will fully retire the Google Sign-In JavaScript Platform Library and would like to remind you to check if this affects your web application, and if necessary, to plan for a migration.

Beginning April 30th, 2022 new applications must use the Google Identity Services library, existing apps may continue using the Platform Library until the deprecation date.

What does this mean for you?

  • Evaluate if you are affected by the deprecation and your need to Migrate to Google Identity Services.
  • Complete your migration prior to March 31, 2023, after which the Platform Library will no longer be available for download and web apps relying upon deprecated authorization features to obtain access tokens for calling Google APIs will no longer work as intended.

Are you affected?

To protect users' personal information across the web, Google continues to make signing into apps and services secure by default. Delivering on this promise, we announced Google Identity Services, our family of Identity APIs that consolidate multiple identity offerings under one software development kit (SDK). Recently, we released an update to the Google Identity Services library, adding user authorization and data sharing features based on OAuth 2.0. Due to numerous security and privacy improvements, the new Identity Services library is not fully backward compatible with all features and functionality found in the older Platform Library, and so a migration to the new library and code changes are necessary.

The deprecation applies to web apps loading the Google Sign-In JavaScript Platform Library and apps using the Google API Client Library for JavaScript with access tokens.

If your web pages use the apis.google.com/js/api.js or apis.google.com/js/client.js JavaScript modules to load the Platform Library, you are affected and need to update your existing implementation to use the new Identity Services client library.

Web applications using gapi.client from the Google API Client Library implicitly load and use the Platform Library’s soon to be deprecated gapi.auth2 module when working with access tokens to call Google APIs. Updates to your web app to explicitly include the new Identity Services library, manage access token requests, and replace auth2 module references with newer equivalent methods are necessary.

Your full suite of apps and platforms may be using different methods of authentication and authorization from Google. The following are NOT affected by this deprecation announcement:

  • Android or iOS native app SDKs,
  • Backend platforms directly calling Google’s OAuth 2.0 or OpenID services.

Migration

Authorization and authentication functionalities are clearly separated in the new Identity Services library.

There are two guides to help you with migration:

(1) migrate to Google Identity Services for user authorization and obtaining access tokens for use with Google APIs, and

(2) migrating from Google Sign-In for user authentication and sign-in.

Your web application may use both authorization (to call Google APIs), and authentication (to manage user sign-in to your app). If this is the case, you’ll need to follow both migration guides to ensure separation of user authorization and authentication flows in your web application.

The migration guides are written to help you understand how the new Identity Services library differs from prior libraries, what these changes are, how to separate authentication from authorization, and how these changes affect both your users and your codebase.

Changes and benefits

Migration to our new Identity Services library includes a number of changes and benefits:

  • Pop-ups provide a more secure, reduced UX friction way to authorize your web app without having to use redirects or require users to leave your site.
  • Increased privacy and control by default: users approve individual scopes, and only when they are needed, improving how much, and when, sensitive data may be shared with your web app.
  • Separate ID token and access token credentials clearly distinguish user identity from application capabilities. Individual credentials are easier to separate, manage, or store based upon their level of risk. An identity may convey only who you are and offer a lower level of risk when compared to an access token with capabilities to read/write sensitive user data.
  • Forward compatibility with Chromium Privacy sandbox changes.

This is a brief summary of privacy, security, and usability changes found in the new Identity Services library, additional detail is available in the migration guides.

How to get help

Visit our developer site for more information and check out the google-oauth tag on Stack Overflow for technical assistance. You can also offer your suggestions and feedback by sending an email to gis-migration-feedback@google.com.