My application uses ClientLogin for authenticating a user. Is this deprecated? What should it be replaced with? And how?
1 Answer
OAuth 2.0 is an authorization framework that enables users to authorize applications. The formal IETF specification, RFC 6749, is titled "The OAuth 2.0 Authorization Framework" and Section 1.1 describes the "Protocol Flow."
https://www.rfc-editor.org/rfc/rfc6749
ClientLogin is deprecated by Google and OAuth 2.0 is the replacement. Here is their official announcement:
Important: ClientLogin has been officially deprecated as of April 20, 2012. It will be shut down on April 20, 2015 as per our deprecation policy. We encourage you to migrate to OAuth 2.0 as soon as possible.
https://developers.google.com/accounts/docs/AuthForInstalledApps
Here's a migration guide for the YouTube Data API: Moving from ClientLogin to OAuth 2.0
https://developers.google.com/youtube/v3/guides/moving_to_oauth
And a StackOverflow article regarding the YouTube migration:
- Thanks a lot for the reply. I went through the sites, but what I found is that it redirects to the Gmail login page, forcing the user to enter their email and password again, but my application has already asked the user for the same credentials. What should I do? Please suggest. – sHOOT Mar 22 '15 at 17:48
- In OAuth 2.0, the user will typically need to authenticate to their IdP (Google) and authorize your app. From a security perspective, this is preferred because the user's credentials are now only shared with their IdP, not every app. Your app will receive an access_token and refresh_token with which to request resources on behalf of the user. The refresh_token is a long-lived token and does not expire, so the user won't have to log in again unless something happens to the authorization (e.g. cancelled, too many authorizations, etc.). – Grokify Mar 22 '15 at 18:14
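The authorization code flow discussed in this thread, as an added example that is not part of the original question, answer or comments: the app sends the user to the IdP, validates the redirect it gets back, and builds the token and refresh requests without ever handling the password. It makes no network calls. The Google endpoint URLs, the YouTube scope, `access_type=offline`, the PKCE parameters (RFC 7636), the client ID and the loopback redirect URI are assumptions or placeholders that do not appear on the page.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed Google endpoints and placeholder client settings (not from the page).
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
CLIENT_ID = "YOUR_CLIENT_ID.apps.googleusercontent.com"  # placeholder
REDIRECT_URI = "http://127.0.0.1:8080/callback"           # placeholder loopback
SCOPE = "https://www.googleapis.com/auth/youtube"

def pkce_challenge(verifier):
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def start_authorization():
    """Return (url, state, verifier); the user signs in at url, not in the app."""
    state = secrets.token_urlsafe(16)      # binds the callback to this request
    verifier = secrets.token_urlsafe(48)   # PKCE secret kept by the app
    params = {
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": SCOPE, "state": state,
        "access_type": "offline",          # ask Google for a refresh_token
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state, verifier

def code_from_callback(callback_url, expected_state):
    """Return the authorization code; reject a bad state or an error reply."""
    q = parse_qs(urlparse(callback_url).query)
    got = q.get("state", [""])[0]
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in q or "code" not in q:
        raise ValueError("authorization failed: " + q.get("error", ["no code"])[0])
    return q["code"][0]

def token_request(code, verifier):
    """Form body to POST to TOKEN_ENDPOINT; the reply carries the tokens."""
    # Add client_secret here if your registered client type has one.
    return {"grant_type": "authorization_code", "code": code,
            "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
            "code_verifier": verifier}

def refresh_request(refresh_token):
    """Form body to POST to TOKEN_ENDPOINT once the access_token expires."""
    return {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": CLIENT_ID}
```

Store the refresh_token as carefully as you would have stored the password; it is what lets the app skip the login page on later runs.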