Google-signin: Google+ shutdown

same issue

Any updates on this?

hi! I'm not aware of using any google plus apis in this library, but I may be wrong.

and this is the code which in my opinion causes it:
var userInfo = await GoogleSignin.signIn();

what makes you think that? What do you mean by "It returns user as well as method in mail (plus.people.get)."?

If anyone can find any google plus apis in this lib, please share your findings here. Thanks.

hi! I'm not aware of using any google plus apis in this library, but I may be wrong.

and this is the code which in my opinion causes it:
var userInfo = await GoogleSignin.signIn();

what makes you think that? What do you mean by "It returns user as well as method in mail (plus.people.get)."?

If anyone can find any google plus apis in this lib, please share your findings here. Thanks.

Anyway, we get the mail about Google+ shutdown and wonder if that will break login by Google

GoogleSignin.configure({
            scopes: [
                "https://www.googleapis.com/auth/contacts.readonly",
                "https://www.googleapis.com/auth/user.phonenumbers.read",
                "https://www.googleapis.com/auth/plus.login",
                "https://www.googleapis.com/auth/user.birthday.read",
                "https://www.googleapis.com/auth/plus.profiles.read",
            ],

In my case login scope "https://www.googleapis.com/auth/plus.login" uses "plus.people.get" as I can see it in Google+ docs

And what about "Google+ integrations for web or mobile apps are also being shut down"?

@Desintegrator I think the problem in your case is that you're using google plus scopes, like "https://www.googleapis.com/auth/plus.profiles.read". My guess is you need to stop using them.

@Desintegrator I think the problem in your case is that you're using google plus scopes, like "https://www.googleapis.com/auth/plus.profiles.read". My guess is you need to stop using them.

And how should I replace "https://www.googleapis.com/auth/plus.login" scope?

hi! I'm not aware of using any google plus apis in this library, but I may be wrong.

and this is the code which in my opinion causes it:
var userInfo = await GoogleSignin.signIn();

what makes you think that? What do you mean by "It returns user as well as method in mail (plus.people.get)."?

If anyone can find any google plus apis in this lib, please share your findings here. Thanks.

What I meant by this is:
await GoogleSignin.signIn() returns informations about user and method shown in email (plus.people.get) also returns the same information. But maybe my configuration is the problem? I don't specify scopes so maybe default ones are using google+ api? My code:
GoogleSignin.configure({ offlineAccess: false, webClientId: "***.apps.googleusercontent.com" });

hi! I'm not aware of using any google plus apis in this library, but I may be wrong.

and this is the code which in my opinion causes it:
var userInfo = await GoogleSignin.signIn();

what makes you think that? What do you mean by "It returns user as well as method in mail (plus.people.get)."?
If anyone can find any google plus apis in this lib, please share your findings here. Thanks.

What I meant by this is:
await GoogleSignin.signIn() returns informations about user and method shown in email (plus.people.get) also returns the same information. But maybe my configuration is the problem? I don't specify scopes so maybe default ones are using google+ api? My code:
GoogleSignin.configure({ offlineAccess: false, webClientId: "***.apps.googleusercontent.com" });

@GustawOhler
any solutions?

@Desintegrator I think the problem in your case is that you're using google plus scopes, like "https://www.googleapis.com/auth/plus.profiles.read". My guess is you need to stop using them.

@vonovak
I deleted these scopes but not sure if it's ok now.

Can u please read this migration guide and make sure that everything will be ok?

@Desintegrator I read the guide and I believe this package is okay, ie. it will continue working just fine, but I might be wrong ofc.

@vonovak do you have any solution for me?

@vonovak
I found out that in iOS GoogleSignin.signIn() returns user info like

{
   user:
      { photo,
        familyName,
        name,
        email,
        id,
        givenName},
   accessTokenExpirationDate,
   serverAuthCode,
   scopes: 
      [ 'https://www.googleapis.com/auth/contacts.readonly',
        'https://www.googleapis.com/auth/userinfo.profile',
        'https://www.googleapis.com/auth/user.birthday.read',
        'https://www.googleapis.com/auth/userinfo.email',
        'https://www.googleapis.com/auth/user.phonenumbers.read' ] 
}

It's ok, but in Android i have scopes like

scopes: 
['https://www.googleapis.com/auth/plus.profiles.read',
  'https://www.googleapis.com/auth/plus.me',
  'https://www.googleapis.com/auth/userinfo.email',
  'https://www.googleapis.com/auth/userinfo.profile',
  'https://www.googleapis.com/auth/plus.profile.language.read',
  'https://www.googleapis.com/auth/user.birthday.read',
  'https://www.googleapis.com/auth/contacts.readonly',
  'https://www.googleapis.com/auth/user.phonenumbers.read',
  'https://www.googleapis.com/auth/plus.profile.agerange.read'],

You can see plus API here. This look like not correct

This makes me worry. I still have plus api as in comment above

I got this as well!

I also got plus.profile.emails.read, plus.me, plus.profile.language.read, plus.profile.agerange.read

Does this mean that this package will be broken within the next month and a half?

Do we know which APIs are called exactly and when? Do we know about the new API?

Same issue. Mby old version of react-native-google-signin used G+ APIs?

@imelos No
Im using the actual version 1.0.2

Getting same problem plus.me
Using 1.0.1

GoogleSignin.configure({
     iosClientId: "***",
     webClientId: "***.apps.googleusercontent.com"
});

@devfd @vonovak @jozan @AndreiCalazans
anyone who can help with?

I think this may have to do with the scopes defined in the Google API console: https://console.cloud.google.com/apis/credentials/consent

I see openid there, which is the auth/plus.me scope. Note the lack of a thrwashcan though, I cannot delete it.

@saghul hum, it's a good path I think !
Here's mine:

It's weird to get email profile and openid twice, but it's seems they're the same because tooltips are identical.

• email : https://www.googleapis.com/auth/userinfo.email
• profile : https://www.googleapis.com/auth/userinfo.profile
• openid : https://www.googleapis.com/auth/plus.me

@Freddy03h Does openid disappear for you when you delete it? For me a single copy remains there, so I don't know what to make of it.

I also suspect the apps I already have in the store may keep requesting that scope, but I'm just guessing...

@saghul I do not know I have not deleted it yet, too afraid 😅

@saghul Mine doesn't disappear after deleted, single copy still there same as yours

But when i called GoogleSignin.signIn(), it returns

accessToken: "xxx"
accessTokenExpirationDate: 3599.9798510074615
idToken: "xxx"
scopes: (2) ["https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"]
serverAuthCode: "xxx"
user: {email: "[email protected]", id: "xxx", ..}

Note that the scopes used doesn't contain plus.me. Does this means this is the fix?

Looks like it.

@anniewey, which platform is it? Try Android, I have plus APIs only there

New email:

Dear Developer,

Earlier this week we sent you an email related to your projects that will be impacted by the Google+ API shutdown, which also affects requests for Google+ OAuth scopes.

The email listed that one or more of your projects are requesting the “plus.me” scope, and would thus be affected. We would like to clarify that only projects directly requesting the “plus.me” scope are affected. This scope may have been listed in some emails, even if not directly requested by your project. We apologize for any confusion caused.

If you are directly requesting the “plus.me” scope, any other Google+ OAuth scopes, or making any Google+ API calls, please ensure that you remove these requests from your project before March 7, 2019.

To see if your project is directly requesting the “plus.me” or any other Google+ OAuth scopes:

If your project is written in Google Apps Script, you can view which scopes your project is requesting by reviewing your project properties in App Script Editor.
If your project is not written in Google Apps Script, please check your code for references to “plus.me” in OAuth scope requests. We recommend that you review projects using any 3rd-party libraries that support sign-in or social functionality, as these may also be affected by the shutdown.
Thanks for being a valued Google+ Developer.

Sincerely,
The Google+ API team

@saghul That's great. Thanks!
@Desintegrator I'm using the default scopes of this library for both platforms. I've deleted openid in the scope (refer pic above)

@Freddy03h I got the same mail.

After following their new suggestion of checking the code base for references to plus.me I couldn't find any. Can we now with sufficient certainty say that this project and none of its dependencies call any of the google plus APIs which will be shut down on 2018-03-07?

I'm afraid some more work is needed.

Here https://github.com/react-native-community/react-native-google-signin/blob/446296caaebf232fd511094066a9aa192dd85039/android/src/main/java/co/apptailor/googlesignin/RNGoogleSigninModule.java#L277 we are using GoogleAuthUtil.getToken which is supposed to be deprecated: https://developers.google.com/identity/sign-in/android/migration-guide

I'm afraid some more work is needed.

Here

react-native-google-signin/android/src/main/java/co/apptailor/googlesignin/RNGoogleSigninModule.java

Line 277 in 446296c

String token = GoogleAuthUtil.getToken(moduleInstance.getReactApplicationContext(),
we are using GoogleAuthUtil.getToken which is supposed to be deprecated: https://developers.google.com/identity/sign-in/android/migration-guide

Don't u know how to fix it?

Any news on this issue?
Is the line of code mentioned by @saghul going to affect the android users of the library?

Migrating GoogleAuthUtil.getToken doesnt seem necessary, the doc says it's only for "greater security and a better user experience" rather than for deprecation.

Can you confirm we don't need to migrate that part @vonovak?

https://developers.google.com/identity/sign-in/android/quick-migration-guide

@hery to remove the deprecated call we just need to remove https://github.com/react-native-community/react-native-google-signin/blob/6f020a91d019dc0118aadd0e85390c0d3b1c398c/android/src/main/java/co/apptailor/googlesignin/RNGoogleSigninModule.java#L171

and resolve the promise with what is in the Account instance (using WritableMap userParams = getUserProperties(account);). Feel free to open a PR for that.

However, even though the feature is deprecated, I do not think we necessarily need to remove it because of google plus - as you said.

@vonovak Got it, thanks! But don't we still want an access token, which we could get through a different token flow?

https://developers.google.com/identity/sign-in/android/backend-auth

@hery https://github.com/react-native-community/react-native-google-signin#gettokens could be used for that

But it calls startTokenRetrievalTaskWithRecovery too, so same issue, no?

Shouldn't it rather use Auth.GOOGLE_SIGN_IN_API with GoogleSignInOptions.Builder.requestIdToken(...) configuration?

@hery sorry, you're correct that won't give us accessToken I'm afraid

Hmm right the use case for the ID token flow is a bit different, so confusing!

https://developers.google.com/android/reference/com/google/android/gms/auth/GoogleAuthUtil#getToken(android.content.Context,%20android.accounts.Account,%20java.lang.String,%20android.os.Bundle)

@vonovak I assume it wouldn't make sense to force either ID token flow or auth code flow within the library just to remove the getToken call, right?

Would the ideal solution be to modify the architecture to support all 4 flows mentioned in the doc above, i.e:

• access token flow for "protocols like SASL XOAUTH2"
• authorizing with Google for REST APIs
• using Google Sign-In API to retrieve an ID token
• using Google Sign-In API to retrieve an auth code

@hery the conversation is not related to the original topic any more, can you please open a separate issue to discuss this?

You're right, this issue seems to be solved, thank you.

So is this issue sorted out anyone?

With Warm Regards,
Rishabh Poddar

On 5 Mar 2019, at 21:09, hery notifications@github.com wrote:

You're right, this issue seems to be solved, thank you.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/react-native-community/react-native-google-signin/issues/595#issuecomment-469728052, or mute the thread https://github.com/notifications/unsubscribe-auth/AC1qH7uZXjio5_L6ppuWc9TLEmwKecF8ks5vTo_JgaJpZM4Zd2dk.

Since all Google+ APIs and integrations have stopped functioning as of Match 7, 2019 and no issues have been reported I consider this resolved. I'll close and lock this conversation. New issues about this topic will be handled case by case so create a new issue if you experience any problems.