3 Steps To Migrate Google+ (Google Plus) OAuth2 Sign-in & API Before Shutdown
Google+ (Google Plus) To Shutdown Starting 28 Jan 2019…Help!
You may have received an email from Google about Google+ shutdown.
Google is sunsetting Google+ for end-users because it is refocusing its time and effort on Google+ for enterprise organizations instead.
If you are using the Google+ API (Google Plus), you have until 7 March 2019 to move off it, but the sooner the better, because Google is shutting it down progressively from 28 January 2019.
The full details are here: https://developers.google.com/+/api-shutdown
If you read the email or visited the web page, you will groan, because it contains tons of information that will overwhelm you, and by god, you probably don’t even remember how you managed to set up ‘Google+ Sign-in’ in the first place. It’s one of those things where you spend hours poring over pages of documents, finally manage to make all the components work together, and never have to touch them again… until now.
This tutorial will take away all the pain in 3 quick steps. There are also troubleshooting tips and a tool at the end.
However, if you never want to deal with this yourself again, try OAuth.io and you’ll be done in 5 minutes, and you’ll never have to worry about user sign-in issues again, be it Google, Facebook, Twitter, etc.
Step 1: Am I using Google+?
If you received the email, you probably are, but how and where?
Companies often use Google+ for 3 things:
- Retrieving Google+ user information
- Performing something programmatically on Google+ for the user
Regardless, you can just search through your code base for ‘https://www.googleapis.com/plus’. You will need to update these as instructed in the next 2 steps.
Step 2: Replace ‘Google+ Sign-in’ with ‘Google Sign-in’
Google recommends that you use Google Sign-in. I provide the link for reference, but don’t click on it unless you want your head to spin! Instead, here are our simplified instructions.
First, spend 5 minutes re-familiarizing yourself with OAuth. The guides below are super simple to read because they are mostly illustrations, and they will make the migration easier:
- Read this (2-minute) guide if you are wondering what OAuth is; otherwise skip to the next document
- OAuth2 has 4 grant types; focus on the Authorization Code flow (5-minute) in this guide
Armed with an understanding of the OAuth2 Authorization Code flow:
- Check if you already have a Google App, or create one, and retrieve your client ID and client secret
- Change your OAuth2 integration in your code base
  - Figure out which library or OAuth2 SaaS solution you are using
  - Determine what changes the library requires to switch from ‘Google Plus’ to ‘Google’
    - Example #1: Ruby/Rails with OmniAuth (https://github.com/omniauth/omniauth)
    - Example #2: OAuth.io (https://oauth.io)
      - Change your code, which uses the OAuth.io SDK, by just replacing ‘google_plus’ with ‘google’
Step 3: Replace Google+ API Calls
In your existing code, once your user signs in using ‘Google+ Sign-in’, you acquire her access token, which carries the permissions she has granted to you. You call one or more Google+ API endpoints with this access token to either retrieve the user information, or perform something on her behalf without requiring her intervention.
Identify all these Google+ API endpoints and find the equivalent Google API endpoint for each.
The most commonly used Google+ API endpoint is perhaps the ‘/me’ endpoint that returns user information: https://www.googleapis.com/plus/v1/people/me
The new equivalent API endpoint is the Google People API endpoint: https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,occupations,organizations,addresses,locales
Note that the Google People API endpoint requires you to specify what user information you need (names, emailAddresses, etc.). The above is just an example; there is more information that you can retrieve from that endpoint. For more details, see the ‘personFields’ here.
If you are getting authorization errors from the Google People API endpoint and suspect that perhaps you are not calling the endpoint correctly, here is a ‘curl’ command that you can run to check.
You need to get your access token by logging in to Google. To get it, you can try the live code here, which will display the ‘access_token’ (in the browser console log) once you successfully log in.
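One way to run such a check from a shell, as an added example (not the command from the original post): it builds the People API URL from the ‘personFields’ you ask for, sends the access token in an Authorization header read from stdin so it never appears in the URL or on curl's command line, and maps the HTTP status to the usual cause for a Google API call. The function names and the GOOGLE_ACCESS_TOKEN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# GOOGLE_ACCESS_TOKEN variable are assumptions made for this example.

PEOPLE_ME_BASE="https://people.googleapis.com/v1/people/me"

# Build the request URL from the personFields you need, e.g. names emailAddresses.
people_me_url() {
  if [ "$#" -eq 0 ]; then
    echo "people_me_url: at least one personFields value is required" >&2
    return 2
  fi
  # Join the arguments with commas in a subshell so IFS is not changed globally.
  ( IFS=,; printf '%s?personFields=%s\n' "$PEOPLE_ME_BASE" "$*" )
}

# Map the HTTP status to the usual cause for a Google API call.
explain_status() {
  case "$1" in
    200) echo "ok: token accepted" ;;
    400) echo "bad request: check the personFields parameter" ;;
    401) echo "unauthenticated: token missing, expired or malformed; sign in again" ;;
    403) echo "forbidden: token lacks the needed scope, or People API is not enabled for the project" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# Call the endpoint. The token comes from the environment and reaches curl on
# stdin (-H @-, curl 7.55.0 or later), so it is not in the URL or in curl's arguments.
check_people_me() {
  if [ -z "${GOOGLE_ACCESS_TOKEN:-}" ]; then
    echo "set GOOGLE_ACCESS_TOKEN first" >&2
    return 2
  fi
  url=$(people_me_url "$@") || return 2
  status=$(printf 'Authorization: Bearer %s\n' "$GOOGLE_ACCESS_TOKEN" |
    curl -sS -o /dev/null -w '%{http_code}' -H @- "$url") || return 1
  explain_status "$status"
  [ "$status" = "200" ]
}

# Run only when asked, with GOOGLE_ACCESS_TOKEN already exported:
#   sh check.sh --run names emailAddresses
if [ "${1:-}" = "--run" ]; then
  shift
  check_people_me "$@"
fi
```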
If you need any help with OAuth2 or simplifying your user sign-in, sign-up, user management flow, come talk to an expert.