  1. Keycloak
  2. KEYCLOAK-9179

Google Identity Provider Uses Deprecated Profile API

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      The GoogleIdentityProvider (keycloak\services\src\main\java\org\keycloak\social\google\GoogleIdentityProvider.java) uses the Google+ API for profile information, via the profile URL hard-coded into it ("https://www.googleapis.com/plus/v1/people/me/openIdConnect").

      Google has deprecated this API, and apparently plans to shut it down completely by 7 March 2019, with intermittent failures starting 28 January 2019. See: https://developers.google.com/+/web/api/rest/latest/people/get
      https://developers.google.com/+/api-shutdown

      Since the GoogleIdentityProvider is already using the oauth2/v2 endpoints, it seems like a very simple change to the following endpoint for (basic) profile information would address the issue: https://www.googleapis.com/oauth2/v2/userinfo

      However, I don't see fixed mappings in the provider now, which I suppose means anyone using them is building them on a per-installation basis (is that right?), and so we'd need to address that migration path. Additionally, it is possible that it would make sense to convert to the people API, which provides much fuller profile information. However, unlike with oauth2/v2 endpoints, that would require developers to specifically enable it (as they currently have to for Google+, but do not have to for basic profile and sign-in).
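
An added example, not part of the original issue and not Keycloak's code: a small Java normalizer that makes the migration concern above concrete by mapping a profile response from either endpoint to one set of attributes, so the brokered account keeps the same identifier after the switch. The claim names (`sub`/`id`, `email_verified`/`verified_email`) and the output attribute names are assumptions about the two response shapes, not values from this issue, and the sample profiles are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class GoogleProfileNormalizer {

    // Maps either response shape to one attribute set (names are hypothetical).
    static Map<String, String> normalize(Map<String, Object> profile) {
        // Assumption: the OIDC-style response carries "sub", the oauth2/v2 one "id".
        String subject = first(profile, "sub", "id");
        if (subject == null || subject.isEmpty()) {
            // Never fall back to email as the link key: it is mutable and reassignable.
            throw new IllegalArgumentException("profile has no subject identifier");
        }
        Map<String, String> out = new LinkedHashMap<>();
        out.put("id", subject);
        out.put("email", first(profile, "email"));
        // Assumption: the verification flag is named differently in each shape.
        String verified = first(profile, "email_verified", "verified_email");
        out.put("emailVerified", String.valueOf("true".equalsIgnoreCase(verified)));
        out.put("firstName", first(profile, "given_name"));
        out.put("lastName", first(profile, "family_name"));
        return out;
    }

    // Returns the first non-null value among the candidate keys, as a string.
    static String first(Map<String, Object> m, String... keys) {
        for (String k : keys) {
            Object v = m.get(k);
            if (v != null) return String.valueOf(v);
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample responses, one per assumed shape.
        Map<String, Object> plusStyle = Map.of(
            "sub", "1234567890", "email", "user@example.com",
            "email_verified", "true", "given_name", "Ada", "family_name", "Lovelace");
        Map<String, Object> v2Style = Map.of(
            "id", "1234567890", "email", "user@example.com",
            "verified_email", true, "given_name", "Ada", "family_name", "Lovelace");

        // Both shapes must yield identical attributes, or existing links would break.
        if (!normalize(plusStyle).equals(normalize(v2Style))) {
            throw new IllegalStateException("normalized profiles differ");
        }
        System.out.println(normalize(v2Style));
    }
}
```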

                People

                • Assignee:
                  hmlnarik Hynek Mlnařík
                  Reporter:
                  jamespc James Campbell
                • Votes:
                  7
                  Watchers:
                  11