Google Developers Blog: authsub

A final farewell to ClientLogin, OAuth 1.0 (3LO), AuthSub, and OpenID 2.0

Tuesday, April 21, 2015

Posted by William Denniss, Product Manager, Identity and AuthenticationSupport for ClientLogin, OAuth 1.0 (3LO¹), AuthSub, and OpenID 2.0 has ended, and the shutdown process has begun. Clients attempting to use these services will begin to fail and must be migrated to OAuth 2.0 or OpenID Connect immediately.To migrate a sign-in system, the easiest path is to use the Google Sign-in SDKs (see the migration documentation). Google Sign-in is built on top of our standards-based OAuth 2.0 and OpenID Connect infrastructure and provides a single interface for authentication and authorization flows on Web, Android and iOS. To migrate server API use, we recommend using one of our OAuth 2.0 client libraries.We are moving away from legacy authentication protocols, focusing our support on OpenID Connect and OAuth 2.0. These modern open standards enhance the security of Google accounts, and are generally easier for developers to integrate with.¹3LO stands for 3-legged OAuth where there's an end-user that provides consent. In contrast, 2-legged (2LO) correspond to Enterprise authorization scenarios such as organizational-wide policies control access. Both OAuth1 3LO and 2LO flows are deprecated, but this announcement is specific to OAuth1 3LO.

Reminder to migrate to OAuth 2.0 or OpenID Connect

Friday, March 20, 2015

Posted by William Denniss, Product Manager, Identity and AuthenticationClientLoginOAuth 1.0 (3LO)1AuthSubOpenID 2.0OAuth 2.0OpenID ConnectThe easiest way to migrate to these new standards is to use the Google Sign-in SDKs (see the migration documentation). Google Sign-in is built on top of our OAuth 2.0 and OpenID Connect infrastructure and provides a single interface for authentication and authorization flows on Web, Android and iOS.If the migration for applications using these deprecated protocols is not completed before the deadline, the application will experience an outage in its ability to connect with Google (possibly including the ability to sign in) until the migration to a supported protocol occurs. To avoid any interruptions in service, it is critical that you work to migrate prior to the shutdown date.If you need to migrate your integration with Google:

Migrate from OpenID 2.0 to Google Sign-in

Migrate from OAuth 1.0 to OAuth 2.0

For AuthSub and ClientLogin, there is no migration support. You’ll need to start fresh with OAuth 2.0 and users need to re-consent

If you have any technical questions about migrating your application, please post questions to Stack Overflow under the tag google-oauth or google-openid. ¹ 3LO stands for 3-legged OAuth: There's an end-user that provides consent. In contrast, 2-legged (2LO) correspond to Enterprise authorization scenarios: organizational-wide policies control access. Both OAuth1 3LO and 2LO flows are deprecated.

Best Practices for User Authentication

Wednesday, March 16, 2011

recent announcementAuthSubOAuthOAuth 2ClientLoginHTTP 403


Error=BadAuthentication
Info=InvalidSecondFactor

generate an application-specific passwordthis articleThis guideBy Jeffrey Posnick, Google Developer Relations

Flashy New Authentication: AuthSub Adds Support for ActionScript

Friday, January 29, 2010

AuthSub for ActionScriptAuthSubGoogle Data Protocolcrossdomain.xmlPicasa Web Albums Data APIYouTube Data APIhttps://accounts.googleapis.com/accounts/AuthSub{Request,SessionToken}AuthSub for JavaScriptAuthSub for ActionScriptcode samplemore APIscrossdomain.xmlBy Joseph Schorr and Zach Maier, Google Data Protocol Team

May	JUN	Jul
	02
2018	2019	2020

A final farewell to ClientLogin, OAuth 1.0 (3LO), AuthSub, and OpenID 2.0

Reminder to migrate to OAuth 2.0 or OpenID Connect

Best Practices for User Authentication

Flashy New Authentication: AuthSub Adds Support for ActionScript

Labels

Archive

Company-wide

Products

Developers