manugarg/pagenotes-issues

Switch to Chrome Client OAuth

Closed this issue · 5 comments

Google is disabling access to the out-of-band OAuth flow. As per the email received:

What do I need to know?

Starting October 3, 2022, we will block OOB requests to Google’s OAuth 2.0 authorization endpoint for existing clients.

This will result in a significant change for Page Notes. One thing we need to verify is whether existing OAuth setups will continue to work as they are.

One thing we need to verify is whether existing OAuth setups will continue to work as they are.

We post to the following URL for access token renewal:
https://accounts.google.com/o/oauth2/token

Redirect URI (and for that matter anything that says oob) is not used for access token renewal so existing users may be okay.

We'll need to figure out a strategy to make it as smooth as possible. Learnings from the last OAuth client change:

On OAuth change, change Google File entry too.
-- Keep gfile entry in synced storage, just like oauth.
-- If someone moves to the new OAuth setup on one device (by stopping and reestablishing sync), update synced gfile entry too.
-- Basically, all devices should be using the same gfile entry.

How will users transition:

  1. New users who don't have any config at all, i.e. users who don't have remote 'oauth2' and 'gfile' values.
  2. Users who disable sync and enable it again. When folks disable sync, we remove the remote 'oauth2' and 'gfile' values.
  • I guess in setupSync, we can just check for the absence of remote 'oauth2', and use the new method if that's the case. After we set it up like this, we should record 'gFile' in the remote storage, and also add a variable to identify that we're using the new method.
  • In sync, if we're using the new method, use the new method for everything.

This is done. If anyone wants to switch to the new client, they should stop syncing and set it up again.
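
The transition rule discussed in this thread, sketched as an added JavaScript example that is not Page Notes' own code: the auth method is chosen from what synced storage holds, and the legacy renewal body carries no redirect URI. The names `authMethod`, `LEGACY`, `CHROME`, the helper functions and the `oauth2` field names are assumptions; `remote` is a plain object standing in for the synced storage contents.

```javascript
// Added example: hypothetical names throughout, not Page Notes' code.
// `remote` is a plain object with what synced storage currently contains;
// the caller is expected to read it from and write it back to that storage.
const LEGACY = 'legacy-oob-client'; // existing refresh-token setup
const CHROME = 'chrome-client';     // new Chrome client OAuth

// Decide which auth method a device should use from the synced state.
function authMethodFor(remote) {
  if (remote.authMethod === CHROME) return CHROME; // another device already moved
  if (remote.oauth2) return LEGACY;                // untouched existing setup
  return CHROME; // new user, or sync was disabled and enabled again
}

// State to write back to synced storage after setting up sync on a device.
function setupSync(remote, createFile) {
  if (authMethodFor(remote) === LEGACY) return { ...remote }; // no change
  // Reuse the synced gfile if present so every device uses the same file.
  const gfile = remote.gfile || createFile();
  return { gfile, authMethod: CHROME }; // marker identifies the new method
}

// Disabling sync removes remote 'oauth2' and 'gfile' (per the thread).
// Dropping the marker as well is an assumption of this example.
function disableSync(remote) {
  const { oauth2, gfile, authMethod, ...rest } = remote;
  return rest;
}

// Form body for renewing a legacy access token at the token URL:
// a refresh_token grant sends no redirect_uri, so nothing "oob" is involved.
function refreshBody(oauth2) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: oauth2.refreshToken,
    client_id: oauth2.clientId,
    client_secret: oauth2.clientSecret,
  }).toString();
}
```
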