[opw-web] Migrate Google logins to non-deprecated APIs



commit 655f70480c99d36d947420a29ba4b15909a33901
Author: Owen W. Taylor <otaylor fishsoup net>
Date:   Tue Mar 25 11:23:37 2014 -0400

    Migrate Google logins to non-deprecated APIs
    
    The APIs that HybridAuth was using are now deprecated; the upstream
    HybridAuth changes things to use a Google+ scope that asks the
    user for things we don't want or need: access to their Google+
    circles and the ability to share that they are using our application
    with their Google+ circles. Instead use the "OpenID Connect" scopes,
    which don't do that, and switch the code that gets the user's
    information to use the OpenID connect version of people.get, which
    has a similar format to what the code already parses.
    
    (We could also use people.get with the same scopes, and get a richer
    reply, but this has everything we need.)
    
    See:
    
    https://developers.google.com/+/api/auth-migration

 auth/Hybrid/Providers/Google.php |   11 ++++++-----
 classes/class_user.php           |    4 +---
 2 files changed, 7 insertions(+), 8 deletions(-)
---
diff --git a/auth/Hybrid/Providers/Google.php b/auth/Hybrid/Providers/Google.php
index 87095a3..ff88871 100644
--- a/auth/Hybrid/Providers/Google.php
+++ b/auth/Hybrid/Providers/Google.php
@@ -54,21 +54,22 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2
                $this->refreshToken();
 
                // ask google api for user infos
-               $response = $this->api->api( "https://www.googleapis.com/oauth2/v1/userinfo"; ); 
+               $response = $this->api->api( "https://www.googleapis.com/plus/v1/people/me/openIdConnect"; );
 
-               if ( ! isset( $response->id ) || isset( $response->error ) ){
+               if ( ! isset( $response->sub ) || isset( $response->error ) ){
                        throw new Exception( "User profile request failed! {$this->providerId} returned an 
invalid response.", 6 );
                }
 
-               $this->user->profile->identifier    = (property_exists($response,'id'))?$response->id:"";
+               $this->user->profile->identifier    = (property_exists($response,'sub'))?$response->sub:"";
                $this->user->profile->firstName     = 
(property_exists($response,'given_name'))?$response->given_name:"";
                $this->user->profile->lastName      = 
(property_exists($response,'family_name'))?$response->family_name:"";
                $this->user->profile->displayName   = (property_exists($response,'name'))?$response->name:"";
                $this->user->profile->photoURL      = 
(property_exists($response,'picture'))?$response->picture:"";
-               $this->user->profile->profileURL    = "https://profiles.google.com/"; . 
$this->user->profile->identifier;
+               $this->user->profile->profileURL    = 
(property_exists($response,'profile'))?$response->profile:"";
                $this->user->profile->gender        = 
(property_exists($response,'gender'))?$response->gender:""; 
                $this->user->profile->email         = 
(property_exists($response,'email'))?$response->email:"";
-               $this->user->profile->emailVerified = 
(property_exists($response,'email'))?$response->email:"";
+               if (property_exists($response,'email_verified') && $response->email_verified == 'true')
+                       $this->user->profile->emailVerified = 
(property_exists($response,'email'))?$response->email:"";
                $this->user->profile->language      = 
(property_exists($response,'locale'))?$response->locale:"";
 
                if( property_exists($response,'birthday') ){ 
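Review bot: The new `email_verified` guard before the `emailVerified` assignment compares loosely against the string `'true'` and has no else branch, so the field is not written at all when the check fails. On the PHP versions current for this code a numeric `0` satisfies `== 'true'`. Whether the profile object starts with an empty `emailVerified` cannot be seen here, because the method begins and ends outside the hunk. If callers treat a non-empty `emailVerified` as proof of address ownership, which is presumably why the check was added, the value should be set explicitly on both paths with a strict test: `$verified = property_exists($response,'email_verified') && in_array($response->email_verified, array(true, 'true'), true);` followed by `$this->user->profile->emailVerified = ($verified && property_exists($response,'email')) ? $response->email : "";`. That also removes the braceless `if`, which is easy to misread next to the wrapped assignment.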
diff --git a/classes/class_user.php b/classes/class_user.php
index 8b5a25f..1a169c0 100644
--- a/classes/class_user.php
+++ b/classes/class_user.php
@@ -55,8 +55,7 @@ class user
                              "id" => $config->auth_google_id,
                              "secret" => $config->auth_google_secret
                          ),
-                         "scope" => "https://www.googleapis.com/auth/userinfo.profile ".
-                                    "https://www.googleapis.com/auth/userinfo.email"; ,
+                         "scope" => "openid email profile" ,
                           // We need to have offline access because HybridAuth's google provider doesn't
                           // deal well with the case where it has an expired acess token and no refresh
                           // token. (A refresh token is only given to offline clients.)
@@ -265,7 +264,6 @@ class user
     {
         $hybridauth = $this->hybridauth();
         if ($hybridauth->authenticate("Google", array (
-            'scope' => 'https://www.googleapis.com/auth/userinfo.profile 
https://www.googleapis.com/auth/userinfo.email',
             'hauth_return_to' => Hybrid_Auth::getCurrentUrl() . '&p=Google'
         ))) {
             return $this->finish_login('Google');

