README.md in omniauth-google-oauth2-0.5.4 vs README.md in omniauth-google-oauth2-0.6.0
- old
+ new
@@ -5,12 +5,10 @@
Strategy to authenticate with Google via OAuth2 in OmniAuth.
Get your API key at: https://code.google.com/apis/console/ Note the Client ID and the Client Secret.
-**Note**: You must enable the "Contacts API" and "Google+ API" via the Google API console. Otherwise, you will receive an `OAuth2::Error`(`Error: "Invalid credentials"`) stating that access is not configured when you attempt to authenticate.
-
For more details, read the Google docs: https://developers.google.com/accounts/docs/OAuth2
## Installation
Add to your `Gemfile`:
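Review bot: The unchanged line "Get your API key at: https://code.google.com/apis/console/" in this hunk still points at a different console URL than the Google API Setup section, which uses https://console.developers.google.com; since the paragraph is being edited anyway, use one URL in both places. With the note removed, the README no longer explains the `OAuth2::Error` ("Invalid credentials") symptom, so the release notes should say whether the "Contacts API" and "Google+ API" still need to be enabled for anyone upgrading from 0.5.4.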
@@ -23,12 +21,10 @@
## Google API Setup
* Go to 'https://console.developers.google.com'
* Select your project.
-* Click 'Enable and manage APIs'.
-* Make sure "Contacts API" and "Google+ API" are on.
* Go to Credentials, then select the "OAuth consent screen" tab on top, and provide an 'EMAIL ADDRESS' and a 'PRODUCT NAME'
* Wait 10 minutes for changes to take effect.
## Usage
@@ -85,19 +81,17 @@
* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `[:extra][:id_info]` in the authentication hash with the value of the user's OpenID ID URL.
-* `verify_iss`: Allows you to disable iss validation when decoding the JWT. This was added since Google now returns either `accounts.google.com` or `https://accounts.google.com`, and there is no way to predict what they will return, causing JWT validation failures.
-
Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select his account when logging in and the user's profile picture is returned as a thumbnail:
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'],
{
- scope: 'userinfo.email, userinfo.profile, plus.me, http://gdata.youtube.com',
+ scope: 'userinfo.email, userinfo.profile, http://gdata.youtube.com',
prompt: 'select_account',
image_aspect_ratio: 'square',
image_size: 50
}
end
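Review bot: Removing the `verify_iss` bullet leaves the README silent on how the `iss` claim of the JWT is checked in 0.6.0. The removed text says Google returns either `accounts.google.com` or `https://accounts.google.com`; state here whether the strategy now accepts both values, always validates, or skips the check, and what happens to configurations that still pass `verify_iss`. The same applies to dropping `plus.me` from the example `scope`: say whether existing configurations that request it need to change.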
@@ -139,12 +133,10 @@
"iss" => "accounts.google.com",
"iat" => 1496117119,
"exp" => 1496120719
},
"raw_info" => {
- "kind" => "plus#personOpenIdConnect",
- "gender" => "male",
"sub" => "100000000000000000000",
"name" => "John Smith",
"given_name" => "John",
"family_name" => "Smith",
"profile" => "https://plus.google.com/+JohnSmith",
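Review bot: The sample `raw_info` drops `kind` and `gender`, but the unchanged `"profile" => "https://plus.google.com/+JohnSmith"` line still shows a Google+ URL, so the example now mixes two response shapes. Confirm which keys the strategy returns in 0.6.0 and make the sample match. If `gender` is no longer returned, applications that read it from `raw_info` need a line in the upgrade notes.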
@@ -242,52 +234,42 @@
The omniauth-google-oauth2 gem supports this mode of operation out of the box. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows.
```javascript
// Basic hybrid auth example following the pattern at:
-// https://developers.google.com/api-client-library/javascript/features/authentication#Authexample
-jQuery(function() {
- return $.ajax({
- url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit',
- dataType: 'script',
- cache: true
- });
-});
+// https://developers.google.com/identity/sign-in/web/reference
-window.gpAsyncInit = function() {
- gapi.auth.authorize({
- immediate: true,
- response_type: 'code',
- cookie_policy: 'single_host_origin',
- client_id: 'YOUR_CLIENT_ID',
- scope: 'email profile'
- }, function(response) {
- return;
- });
- $('.googleplus-login').click(function(e) {
- e.preventDefault();
- gapi.auth.authorize({
- immediate: false,
- response_type: 'code',
- cookie_policy: 'single_host_origin',
- client_id: 'YOUR_CLIENT_ID',
- scope: 'email profile'
- }, function(response) {
- if (response && !response.error) {
- // google authentication succeed, now post data to server.
- jQuery.ajax({type: 'POST', url: '/auth/google_oauth2/callback', data: response,
- success: function(data) {
- // response from server
- }
- });
- } else {
- // google authentication failed
- }
+<script src="https://apis.google.com/js/platform.js?onload=init" async defer></script>
+
+...
+
+function init() {
+ gapi.load('auth2', function() {
+ // Ready.
+ $('.google-login-button').click(function(e) {
+ e.preventDefault();
+
+ gapi.auth2.authorize({
+ client_id: 'YOUR_CLIENT_ID',
+ cookie_policy: 'single_host_origin',
+ scope: 'email profile',
+ response_type: 'code'
+ }, function(response) {
+ if (response && !response.error) {
+ // google authentication succeed, now post data to server.
+ jQuery.ajax({type: 'POST', url: '/auth/google_oauth2/callback', data: response,
+ success: function(data) {
+ // response from server
+ }
+ });
+ } else {
+ // google authentication failed
+ }
+ });
});
});
};
-
```
#### Note about mobile clients (iOS, Android)
The documentation at https://developers.google.com/identity/sign-in/ios/offline-access specifies the _REDIRECT_URI_ to be either a set value or an EMPTY string for mobile logins to work. Else, you will run into _redirect_uri_mismatch_ errors.
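Review bot: The added `<script src="https://apis.google.com/js/platform.js?onload=init" async defer></script>` line and the `...` placeholder sit inside the javascript code fence, so the snippet is not valid JavaScript as written; move the tag into its own HTML block above the script. The button selector changes from `.googleplus-login` to `.google-login-button` and the earlier `immediate: true` call is gone, both of which affect anyone updating a page built from the old example and should be mentioned. The POST still sends the whole `response` object to `/auth/google_oauth2/callback` and the failure branch is empty; consider sending only the fields the callback reads and showing minimal error handling.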
@@ -307,10 +289,10 @@
OmniAuth.config.full_host = Rails.env.production? ? 'https://domain.com' : 'http://localhost:3000'
```
## License
-Copyright (c) 2017 by Josh Ellithorpe
+Copyright (c) 2018 by Josh Ellithorpe
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.