Update Google OAuth for new sign in method (old method deprecated from March 2023)

Feature Request
#1

As per - https://developers.google.com/identity/sign-in/web/sign-in - Google is deprecating their Oauth2 web sign in and replacing it with https://developers.google.com/identity/gsi/web/guides/overview

Previously you could set up your Oauth2 in a Server Connect for login and then those credentials would be valid throughout your site until the access token expired. They’ve now separated Authentication and Authorization so the current process will no longer work in Wappler. There is a guide here https://developers.google.com/identity/gsi/web/guides/migration for migrating from the old way to the new.

I spent a few hours trying to get it to work but only got as far as getting the sign in working and logging the response in the console. Hopefully that’s at least a little helpful as a start.

<!--Code for the sign on-->
<script src="https://accounts.google.com/gsi/client" async defer></script>

<!--Needed to decode the returned JWT-->
<script src="https://unpkg.com/jwt-decode/build/jwt-decode.js"></script>

Code for the buttons…

<div id="g_id_onload" data-client_id="YOUR_CLIENT_ID.apps.googleusercontent.com" data-context="signin" data-ux_mode="popup" data-login_uri="https://app.triptakers.travel/New_Google.php" data-auto_prompt="false" data-callback="handleCredentialResponse">

            </div>

            <div class="g_id_signin" data-type="standard" data-shape="pill" data-theme="filled_blue" data-text="signin_with" data-size="large" data-logo_alignment="left">

            </div>

            function decodeJwtResponse(r){
        var decoded = jwt_decode(r);
        return decoded;
    }

Code to handle the returned response

function decodeJwtResponse®{

        var decoded = jwt_decode(r);

        return decoded;

    }



    function handleCredentialResponse(response) {

     // decodeJwtResponse() is a custom function defined by you

     // to decode the credential response.

     const responsePayload = decodeJwtResponse(response.credential);



     console.log("ID: " + responsePayload.sub);

     console.log('Full Name: ' + responsePayload.name);

     console.log('Given Name: ' + responsePayload.given_name);

     console.log('Family Name: ' + responsePayload.family_name);

     console.log("Image URL: " + responsePayload.picture);

     console.log("Email: " + responsePayload.email);



  }

I think what needs to happen next is the server needs to verify the Google Id token I tried installing the PHP library and following the instructions at https://developers.google.com/identity/gsi/web/guides/verify-google-id-token but didn’t quite get it working.

#2
#3

I don’t believe OAuth2 is deprecated, it is only the Google Sign-In JavaScript library that is deprecated. Server-Side OAuth2 will keep working.

Using OAuth 2.0 to Access Google APIs | Authorization | Google Developers

#4

The problem is the server authentication is no longer valid on the client side.

#5

Not sure what you mean, which of the Wappler components are affected by it?

#6

I need users to sign in client side to access their Google data. From what I gather, how it works now is that when the user signs in that gets an authorization from Google which automatically passes back to the server side. They are changing that so that the token will need to be passed to the server manually.

So the process I describe here - Google OAuth & Photos API Tutorial - Part Two: Google Login will no longer work because that’s a client side login.

Maybe this is helpful - https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#authorization_code_flow_examples

Assistance needed to work with Google Drive API
#7

The server-side OAuth2 isn’t affected and we have no client-side support in Wappler. The way it currently works is that the server action redirects the user and handles the whole OAuth2 flow.

The new google API is for client-side authorization. On the client you can’t use the client secret and requires extra security, the new library has a better UX and CSRF protection. Will have a look at this new lib to see if we could create some client-side component with it.

1 Like
#8

Great. Thanks.

#9

Muchas gracias, me ayudo mucho tu publicación.