diff --git a/concepts/google/WIP.md b/concepts/google/WIP.md deleted file mode 100644 index 2b1d31f5..00000000 --- a/concepts/google/WIP.md +++ /dev/null 
@@ -1,82 +0,0 @@ -https://developers.google.com/identity/gsi/web/guides/integrate -^ Good stuff here on redirect vs. popup - -GSI is also an implicit flow (but not using IDP-IFrame) where ID token is used for auth - - -https://developers.google.com/identity/gsi/web/guides/supported-browsers -^ Notes on FedCM and other efforts - - -https://developers.google.com/identity/sign-in/web/server-side-flow - -Legacy Sign-In is basically a implicit flow, where ID token is used for auth. -Or a hybrid flow, exchanging the code at the backend // TODO: make example for this - - -https://web.archive.org/web/20220401221354/https://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20151116/005865.html -^ has notes about relaying back to main window from popup - -"This allows RP to get authorization code without the need to add - an new endpoint to receive the response." - - - - -https://developers.facebook.com/docs/facebook-login/web/login-button -^ has comments on server-side registration code - -https://developers.facebook.com/docs/facebook-login/web/accesstokens -^ recommends passing access token back to server - -https://developers.facebook.com/docs/facebook-login/guides/access-tokens -^ Yikes. Calls tokens portable - -https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-long-lived -^ Interesting. Has new grant type for extending "short lived" access tokens after server auth - -Also has a way to generate another long lived token from a long lived token, and then -issue it to other apps. 
This all seems a bit overengineered equiv of refresh token - -https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-session-info -^ talks about passing access tokens back to server and debug_token as historical - -https://developers.facebook.com/docs/facebook-login/guides/%20access-tokens/debugging -^ debug token endpoint - - - -// can webmessage or localstorage relay, etc -https://stackoverflow.com/questions/46711271/oauth2-implicit-grant-with-popup-without-localstorage - -https://github.com/ricokahler/oauth2-popup-flow/blob/master/src/index.ts -https://gist.github.com/nightpool/a97dd650ed5eab10a64851f827a41d65 - -https://stackoverflow.com/questions/28230845/communication-between-tabs-or-windows -https://blog.bitsrc.io/4-ways-to-communicate-across-browser-tabs-in-realtime-e4f5f6cbedca -https://developer.mozilla.org/en-US/docs/Web/API/Window/storage_event - - -https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow -https://learn.microsoft.com/en-us/azure/active-directory-b2c/implicit-flow-single-page-application -https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow - - -## Classifications - - -Frontend-assisted authorization code flow - where state is maintained on frontend - -Hybrid - per OIDC definition, some tokens issued from token endpoint - - -Implicit with token-based authentication - - - -# Architectures - -https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-13.html - -Single Domain (not OAuth -> use cookies) - diff --git a/concepts/google/gsi.md b/concepts/google/gsi.md deleted file mode 100644 index e516c0ce..00000000 --- a/concepts/google/gsi.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# Sign In with Google - -Google provides [Sign In with Google](https://developers.google.com/identity/gsi/web/guides/overview), -which is a browser-based SDK for adding authentication to a website. This SDK -is also referred to as Google Identity Services (GIS) when it is [used for -authorization](https://developers.google.com/identity/oauth2/web/guides/overview) -to obtain access tokens for Google APIs. - -(Note: Sign In with Google should not be confused with the similarly named -[Google Sign-In](../sign-in/). This legacy library was deprecated on March 31, -2023.) - -Sign In with Google is based on OpenID Connect and OAuth 2.0, and implements a -variant of the implicit flow. The implicit flow executes within a browser using -client-side JavaScript and offers enhanced user experience via [One Tap](https://developers.google.com/identity/gsi/web/guides/offerings#one_tap), -[automatic sign-in](https://developers.google.com/identity/gsi/web/guides/offerings#automatic_sign-in), -and a [personalized button](https://developers.google.com/identity/gsi/web/guides/offerings#sign_in_with_google_button). - -For applications that rely on Google as their primary method of authenticating -users, these enhancements may increase conversion and use of Sign In with Google -should be considered. In this case, Sign In with Google can be used in -combination with the [passport-google-one-tap](https://www.passportjs.org/packages/passport-google-one-tap/) -strategy to [add authentication to the application's backend](https://developers.google.com/identity/gsi/web/guides/verify-google-id-token). - -For applications that offer Google alongside other social login options, we -recommend using [OpenID Connect](../openid-connect/). This eliminates the need -to add a client-side JavaScript dependency, and instead operates on the -server-side where the resulting tokens can receive the strongest security -protections. 
Furthermore, Passport itself lowers the implementation time and -reduces the amount of knowledge required to add OAuth support to an application. diff --git a/concepts/google/gsi/index.html b/concepts/google/gsi/index.html deleted file mode 100644 index b2511016..00000000 --- a/concepts/google/gsi/index.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - Google Identity Overview: Sign In with Google - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- -
-
    - - -
  • 0
  • -
-
-
- -
-
- -
-

Sign In with Google

-

Google provides Sign In with Google, -which is a browser-based SDK for adding authentication to a website. This SDK -is also referred to as Google Identity Services (GIS) when it is used for -authorization -to obtain access tokens for Google APIs.

-

(Note: Sign In with Google should not be confused with the similarly named -Google Sign-In. This legacy library was deprecated on March 31, -2023.)

-

Sign In with Google is based on OpenID Connect and OAuth 2.0, and implements a -variant of the implicit flow. The implicit flow executes within a browser using -client-side JavaScript and offers enhanced user experience via One Tap, -automatic sign-in, -and a personalized button.

-

For applications that rely on Google as their primary method of authenticating -users, these enhancements may increase conversion and use of Sign In with Google -should be considered. In this case, Sign In with Google can be used in -combination with the passport-google-one-tap -strategy to add authentication to the application's backend.

-

For applications that offer Google alongside other social login options, we -recommend using OpenID Connect. This eliminates the need -to add a client-side JavaScript dependency, and instead operates on the -server-side where the resulting tokens can receive the strongest security -protections. Furthermore, Passport itself lowers the implementation time and -reduces the amount of knowledge required to add OAuth support to an application.

-
-
-
-
-
-
-
-
-

SEARCH FOR STRATEGIES

-
- -
-

0STRATEGIES

-
-
-
-
-
-
- - - \ No newline at end of file diff --git a/concepts/google/index.html b/concepts/google/index.html deleted file mode 100644 index bbcf801c..00000000 --- a/concepts/google/index.html +++ /dev/null @@ -1,142 +0,0 @@ - - - - Google Identity Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- -
-
    - - -
  • 0
  • -
-
-
- -
-
- -
-

Google

-

Google Identity offers a suite of SDKs -and protocols that enables users to sign into apps using their Google accounts -and authorize apps to use Google services.

-

The SDKs that Google offers support a range of platforms, including the web, -Android, and iOS. These SDKs are constantly evolving, with new ones being -introduced and old ones being deprecated over time. Meanwhile, these SDKs -leverage industry-standard protocols, such as OpenID Connect and OAuth 2.0, as -well as Google-specific extensions to these protocols.

-

The full extent of the Google Identity platform can make it difficult to get -started and know which SDKs and/or protocols to use. This guide provides an -overview of how to use Passport to build web applications that use Google -Identity protocols and SDKs.

-
-
-
-
-
-
-
-
-

SEARCH FOR STRATEGIES

-
- -
-

0STRATEGIES

-
-
-
-
-
-
- - - \ No newline at end of file diff --git a/concepts/google/oauth.md b/concepts/google/oauth.md deleted file mode 100644 index 58e27b7d..00000000 --- a/concepts/google/oauth.md +++ /dev/null @@ -1,12 +0,0 @@ -# OAuth 1.0 - -Google previously supported [OAuth 1.0](https://web.archive.org/web/20150317172055/https://developers.google.com/accounts/docs/OAuth). -OAuth 1.0 was [deprecated](https://developers.googleblog.com/2012/04/changes-to-deprecation-policies-and-api.html) -on April 20, 2012 and shut down on April 20, 2015. - -Support for using OAuth 1.0 within Passport was provided by -[`passport-google-oauth1`](https://www.passportjs.org/packages/passport-google-oauth1/). -Due to the fact that Google no longer supports OAuth 1.0, this strategy is no -longer functional. - -Any existing applications using OAuth 1.0 should migrate to [OAuth 2.0](../oauth2/). diff --git a/concepts/google/oauth2.md b/concepts/google/oauth2.md deleted file mode 100644 index c2038c8c..00000000 --- a/concepts/google/oauth2.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# OAuth 2.0 - -Google supports [OAuth 2.0](https://developers.google.com/identity/protocols/oauth2), -an open, industry-standard protocol that enables apps to securely call APIs. - -Support for using OAuth 2.0 within Passport is provided by the [passport-google-oauth20](https://www.passportjs.org/packages/passport-google-oauth20/) -strategy. This strategy implements the OAuth 2.0 authorization code flow and -operates entirely within the backend, where the resulting tokens can receive the -strongest protections. - -If you want to add a "Sign in with Google" button to your website or -application, we recommend using [OpenID Connect](../openid-connect/), rather -than OAuth 2.0. OpenID Connect provides an identity layer on top of OAuth 2.0, -and using the combination provides complete authentication and authorization -capabilities, two features which are often paired together. - -That being said, many applications don't require the capabilities of OpenID -Connect. For instance, some applications may only need authorized access to -Google APIs, without using Google for authentication. In these scenarios, -using OAuth 2.0 alone remains a viable and popular option. diff --git a/concepts/google/oauth2/index.html b/concepts/google/oauth2/index.html deleted file mode 100644 index d1095269..00000000 --- a/concepts/google/oauth2/index.html +++ /dev/null @@ -1,145 +0,0 @@ - - - - Google Identity Overview: OAuth 2.0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- -
-
    - - -
  • 0
  • -
-
-
- -
-
- -
-

OAuth 2.0

-

Google supports OAuth 2.0, -an open, industry-standard protocol that enables apps to securely call APIs.

-

Support for using OAuth 2.0 within Passport is provided by the passport-google-oauth20 -strategy. This strategy implements the OAuth 2.0 authorization code flow and -operates entirely on the server-side, where the resulting tokens can receive the -strongest protections.

-

If you want to add a "Sign in with Google" button to your website or -application, we recommend using OpenID Connect, rather -than OAuth 2.0. OpenID Connect provides an identity layer on top of OAuth 2.0, -and using the combination provides complete authentication and authorization -capabilities, two features which are often paired together.

-

That being said, many applications don't require the capabilities of OpenID -Connect. For instance, some applications may only need authorized access to -Google APIs, without using Google for authentication. In these scenarios, -using OAuth 2.0 alone remains a viable and popular option.

-
-
-
-
-
-
-
-
-

SEARCH FOR STRATEGIES

-
- -
-

0STRATEGIES

-
-
-
-
-
-
- - - \ No newline at end of file diff --git a/concepts/google/openid-connect.md b/concepts/google/openid-connect.md deleted file mode 100644 index 56cddb58..00000000 --- a/concepts/google/openid-connect.md +++ /dev/null @@ -1,12 +0,0 @@ -# OpenID Connect - -Google supports [OpenID Connect](https://developers.google.com/identity/openid-connect/openid-connect), -an open, industry-standard protocol that provides an identity layer on top of -[OAuth 2.0](https://developers.google.com/identity/protocols/oauth2). Combined, -these two protocols offer a complete authentication and authorization solution. - -If you want to add a "Sign in with Google" button to your website or -application, we recommend using OpenID Connect with the [passport-google-oidc](https://www.passportjs.org/packages/passport-google-oidc/) -strategy. This strategy implements the OpenID Connect authorization code flow -and operates entirely within the backend, where the resulting tokens can -receive the strongest security protections. diff --git a/concepts/google/openid-connect/index.html b/concepts/google/openid-connect/index.html deleted file mode 100644 index 17d9ee8b..00000000 --- a/concepts/google/openid-connect/index.html +++ /dev/null @@ -1,139 +0,0 @@ - - - - Google Identity Overview: OpenID Connect - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- -
-
    - - -
  • 0
  • -
-
-
- -
-
- -
-

OpenID Connect

-

Google supports OpenID Connect, -an open, industry-standard protocol that provides an identity layer on top of -OAuth 2.0. Combined, -these two protocols offer a complete authentication and authorization solution.

-

If you want to add a "Sign in with Google" button to your website or -application, we recommend using OpenID Connect with the passport-google-oidc -strategy. This strategy implements the OpenID Connect authorization code flow -and operates entirely on the server-side, where the resulting tokens can -receive the strongest security protections.

-
-
-
-
-
-
-
-
-

SEARCH FOR STRATEGIES

-
- -
-

0STRATEGIES

-
-
-
-
-
-
- - - \ No newline at end of file diff --git a/concepts/google/openid.md b/concepts/google/openid.md deleted file mode 100644 index 3da39a87..00000000 --- a/concepts/google/openid.md +++ /dev/null @@ -1,10 +0,0 @@ -# OpenID - -Google previously supported [OpenID 2.0](https://web.archive.org/web/20150317150909/https://developers.google.com/accounts/docs/OpenID2). -OpenID 2.0 was [deprecated](https://web.archive.org/web/20150317085555/https://developers.google.com/accounts/docs/OpenID) and shut down on April 20, 2015. - -Support for using OpenID 2.0 within Passport was provided by [`passport-google`](https://www.passportjs.org/packages/passport-google/). -Due to the fact that Google no longer supports OpenID 2.0, this strategy is no -longer functional. - -Any existing applications using OpenID 2.0 should migrate to [OpenID Connect](../openid-connect/). diff --git a/concepts/google/sign-in.md b/concepts/google/sign-in.md deleted file mode 100644 index 8d7f14e9..00000000 --- a/concepts/google/sign-in.md +++ /dev/null 
@@ -1,34 +0,0 @@ -# Google Sign-In - -Google provides [Google Sign-In](https://developers.google.com/identity/sign-in/web/sign-in), -which was [deprecated](https://developers.google.com/identity/sign-in/web/deprecation-and-sunset) -on March 31, 2023. Google Sign-In is a browser-based SDK for adding -authentication to a website. It has been superseded by [Sign In with Google](../gsi/) -which offers similar functionality and security enhancements. - -(Note: Google Sign-In was previously known as Google+ Sign-In, until the -[introduction of the Google Identity Platform](https://developers.googleblog.com/2015/05/introducing-google-identity-platform.html) -on May 28, 2015. [Google+](https://en.wikipedia.org/wiki/Google%2B) was a -reference to Google's social network which was [shut down](https://blog.google/technology/safety-security/expediting-changes-google-plus/) -on April 2, 2019.) - -Google Sign-In is based on OpenID Connect and OAuth 2.0, and implements a -variant of the implicit flow known as the [IDP-IFrame-based](https://lists.openid.net/pipermail/openid-specs-ab/2015-November/005865.html) -implicit flow. - -Due to the fact that this library is deprecated, new applications should adopt -[Sign In with Google](../gsi/) if they rely on Google as their primary method of -authenticating users. Existing applications are encouraged to [migrate](https://developers.google.com/identity/gsi/web/guides/migration). -Existing applications that have not yet migrated will continue to function until -Google Sign-In is [sunset](https://developers.google.com/identity/sign-in/web/deprecation-and-sunset), -the date for which is to be determined. - -For those applications that continue to use this legacy library, Google Sign-In -can be used in combination with the [passport-google-id-token](https://www.npmjs.com/package/passport-google-id-token) -strategy to [add authentication to the application's backend](https://developers.google.com/identity/sign-in/web/backend-auth). 
- -Just as with Sign In with Google, we recommend using [OpenID Connect](../openid-connect/) -for applications that offer Google alongside other social login options. This -eliminates the need to add a client-side JavaScript dependency, and instead -operates on the server-side where the resulting tokens can receive the strongest -security protections. diff --git a/concepts/google/sign-in/index.html b/concepts/google/sign-in/index.html deleted file mode 100644 index d706dae3..00000000 --- a/concepts/google/sign-in/index.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - Google Identity Overview: Google Sign-In - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- -
-
    - - -
  • 0
  • -
-
-
- -
-
- -
-

Google Sign-In

-

Google provides Google Sign-In, -which was deprecated -on March 31, 2023. Google Sign-In is a browser-based SDK for adding -authentication to a website. It has been superseded by Sign In with Google -which offers similar functionality and security enhancements.

-

(Note: Google Sign-In was previously known as Google+ Sign-In, until the -introduction of the Google Identity Platform -on May 28, 2015. Google+ was a -reference to Google's social network which was shut down -on April 2, 2019.)

-

Google Sign-In is based on OpenID Connect and OAuth 2.0, and implements a -variant of the implicit flow known as the IDP-IFrame-based -implicit flow.

-

Due to the fact that this library is deprecated, new applications should adopt -Sign In with Google if they rely on Google as their primary method of -authenticating users. Existing applications are encouraged to migrate. -Existing applications that have not yet migrated will continue to function until -Google Sign-In is sunset, -the date for which is to be determined.

-

For those applications that continue to use this legacy library, Google Sign-In -can be used in combination with the passport-google-id-token -strategy to add authentication to the application's backend.

-

Just as with Sign In with Google, we recommend using OpenID Connect -for applications that offer Google alongside other social login options. This -eliminates the need to add a client-side JavaScript dependency, and instead -operates on the server-side where the resulting tokens can receive the strongest -security protections.

-
-
-
-
-
-
-
-
-

SEARCH FOR STRATEGIES

-
- -
-

0STRATEGIES

-
-
-
-
-
-
- - - \ No newline at end of file
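Review bot: in the concepts/google/WIP.md deletion, the line "Or a hybrid flow, exchanging the code at the backend // TODO: make example for this" is an open TODO that disappears with the file, as do the "Classifications" notes separating the frontend-assisted authorization code flow, hybrid, and implicit with token-based authentication. If that work is still planned, capture it in an issue or another notes file before removing this one. If the link list is carried over anywhere, the URL ending in "guides/%20access-tokens/debugging" has a stray %20 in its path and should be corrected.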
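Review bot: the concepts/google/gsi.md deletion drops the paragraph that pairs the browser SDK with backend verification of the ID token ("strategy to [add authentication to the application's backend]" linking to verify-google-id-token), and the recommendation to prefer the server-side OpenID Connect flow "where the resulting tokens can receive the strongest security protections". Every hunk visible here is a removal and none adds replacement text, so please confirm this guidance lives on somewhere, and consider a redirect for the published concepts/google/gsi/ path so existing links do not break.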
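Review bot: concepts/google/index.html is deleted, but the patch contains no matching markdown source for the overview page (the other generated pages gsi/, oauth2/, openid-connect/ and sign-in/ each have a .md removed alongside them). If a source file for this page exists, it will be left behind and may regenerate the HTML on the next build; delete it in the same change or note why it stays.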
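Review bot: the concepts/google/oauth.md and concepts/google/openid.md deletions have no corresponding oauth/index.html or openid/index.html removal in this patch, unlike the other pages. If those generated pages exist in the tree, they are now orphaned with no source; if they were never generated, the "../oauth2/" and "../openid-connect/" migration links in these two files were never published and nothing else is needed. Please state which case applies.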
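Review bot: the deleted concepts/google/oauth2/index.html says the strategy "operates entirely on the server-side", while the deleted concepts/google/oauth2.md says "operates entirely within the backend"; the openid-connect pair differs in the same way. The committed HTML was therefore stale relative to its source. If any of this content is being migrated rather than dropped, take it from the .md files, and consider not committing build output in the new location so the two cannot drift again.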