问题
As per the latest circular, google plus oauth is depreciated. As per my understanding, i should be concerned only if i am using plus.me in my code.
My code:
google = oauth.remote_app(
'google',
consumer_key=app.config.get('GOOGLE_ID'),
consumer_secret=app.config.get('GOOGLE_SECRET'),
request_token_params={
'scope': ['https://www.googleapis.com/auth/userinfo.email'],
'access_type': 'offline',
'approval_prompt':'force'
},
base_url='https://www.googleapis.com/oauth2/v1/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://accounts.google.com/o/oauth2/token',
authorize_url='https://accounts.google.com/o/oauth2/auth',
)
However, i can still see openid in my google developer console. Scopes for Google APIs
- profile
- openid
Also, API response is returning scope as plus.me
Response from google auth: {
u'access_token': u'ya29.GluoFWy',
u'id_token'hbGciYA',
u'expires_in': 3600,
u'token_type': u'Bearer',
u'scope': u'https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/plus.me',
u'refresh_token': u'1/jgwO0w'}
I have checked that i am not accessing plus.me anywhere. I am really confused if i need code changes or not.
来源:https://stackoverflow.com/questions/54452938/how-to-remove-openid-since-google-auth-is-depreciated