What exactly will happen to Google OpenId Connect to OpenID 2.0 mapping on Jan 1, 2017?

151 views Asked by At

According to The Google OpenID 2.0 migration timetable, "mapping of OpenID 2.0 identifiers to OAuth 2.0 identifiers will continue to work until January 1, 2017."

It is not 100% clear from the documentation what form this transition will take. Will requesting scope: "openid" or openid.realm: "something" begin to return an error? Or will the old openid value simply not be present in the response? The Google OpenId Connect Documentation still uses the request values in its example OpenID Connect authentication URI.

Does anyone have a better understanding of how exactly this is going away? Our approach is to drop the openid scope and the openid.realm, but we're trying to get better certainty on the exact form of the change.

1

There are 1 answers

3
William Denniss On BEST ANSWER

The openid scope relates to OpenID Connect, not OpenID 2.0 (it's confusing, I agreeā€¦). OpenID Connect is fully supported and not going away, so the openid scope is still completely supported.

Passing the openid.realm param after the mapping is turned down won't return an error, it's just that the old openid value may not be present in the response. So you should design your service to be able to gracefully handle the case where no OpenID 2.0 value is present in the response.