by DarrenZ 2695 days ago
What no one has mentioned so far is that this will have a direct impact on any sites, forums, apps, etc. that use Google+ OAuth for Google login. My own support forum does and I received my first email about this only a couple of days ago.

>Please update your projects listed below by March 7, 2019 and ensure they are no longer using Google+ APIs, or requesting Google+ OAuth scopes.

Sure, it won't be that difficult to change, but this isn't something you do every day. You do it once and then forget about it. The initial investigation of how to add a Google login and then implementing it was done 2 years ago -- now I have to go off and research and learn how to do it all again in a different way.

4 comments

Google's own tutorials for Node.js recommend using passport.js with Google OAuth: https://cloud.google.com/nodejs/getting-started/authenticate...

But that library hasn't been updated to not use the deprecated API yet: https://github.com/jaredhanson/passport-google-oauth2/issues...

And even when the fix lands, you still need to make specific code changes for it.

They can't possibly expect everyone to fix their social login code in time, right? 50k weekly downloads: https://www.npmjs.com/package/passport-google-oauth20

jaredhanson, who maintains passport-google-oauth2, unfortunately seems to have been MIA since October, and it seems he's the only one who can update that package. Google says they are degrading services already (starting Jan 28), so some sites could start seeing problems already. The fixes to passport-google-oauth2 are nontrivial and require a fork (not just a configuration change). Fortunately, there's a lot of discussion on this PR: https://github.com/jaredhanson/passport-google-oauth2/pull/5...

At the bottom of the PR discussion, there is a link to a fork that somebody created here: https://github.com/passport-next/passport-google-oauth2 As far as I can tell, the only way to continue using Node + Google OAuth right now is to switch to using that hard-to-find fork. That's what I've done with https://cocalc.com.

They probably don't expect everyone to fix their stuff in time, but I'm sure the people who actually care about their product working are already taking care of it. Social logins aren't exactly rocket science. Especially when you use a library that does all the work for you.

We've received such an email on 2019-01-29, warning us that some parts of the API may fail as early as 2019-02-15 or 2019-01-28. IOW, breakage may have begun before the notification. Fun.

Interesting to hear that it's not just G+ users who are getting dumped on by Google here.

Dropping functionality the day before the notice is sent is ... troubling.

As I've noted about several similar such instances previously: this is the company that wants us to trust it to build driverless cars and other such systems? Vastly better process and respect is required.

Idea: an auth service that just interfaces with other auth services.

It will be free and will charge a fee for the following:

1. auto upgrading from discarded services

2. retrieving passwords that are forgotten

3. changing around your login id (automatically) for various services so you won't have to remember what you used

But who watches the watchers? It would be supremely ironic if such a service shut down.

You're right. It seems as though the service (perhaps every critical service) has to open source their code, let you self host, and then offer their own hosted version for a price.

Yeah, that makes sense to me. I'm not sure how profitable that can be, but it'd certainly be ethical and useful to people. I do think it'd be sustainable at least.

G+ OAuth already isn't working properly on a couple of sites that I frequent (older chatboards).