Posted by Vartika Agarwal, Technical Program Manager, Identity & Authentication, and Wesley Chun, Developer Advocate, Google(Cross-posted on Google Apps Developer Blog) As we indicated
several years ago, we are moving away from the
OAuth 1.0 protocol in order to focus our support on the current OAuth standard,
OAuth 2.0, which increases security and reduces complexity for developers.
OAuth 1.0 (3LO)* was shut down on April 20, 2015. During this final phase, we will be shutting down OAuth 1.0 (2LO) on
October 20, 2016. The easiest way to
migrate to the new standard is to use
OAuth 2.0 service accounts with domain-wide delegation.
If the migration for applications using these deprecated protocols is not completed before the deadline, those applications will experience an outage in their ability to connect with Google, possibly including the ability to sign-in, until the migration to a supported protocol occurs. To avoid any interruptions in service for your end-users, it is critical that you work to migrate your application(s) prior to the shutdown date.
With this step, we continue to move away from legacy authentication/authorization protocols, focusing our support on modern open standards that enhance the security of Google accounts and that are generally easier for developers to integrate with. If you have any technical questions about migrating your application, please post them to Stack Overflow under the tag
google-oauth.
*3LO stands for 3-legged OAuth: there's an end-user that provides consent. In contrast, 2-legged (2LO) doesn’t involve an end-user and corresponds to enterprise authorization scenarios such as enforcing organization-wide policy control access.Note: all launches are applicable to all Google Apps editions unless otherwise notedLaunch release calendarLaunch detail categoriesGet these product update alerts by emailSubscribe to the RSS feed of these updates