Passport and Google's OpenID 2.0 to OAuth 2.0 migration
August 2nd 2014Passport is a popular authentication middleware for Node.js. It has a plug-in system which supports more or less all popular authentication services. For Google it has passport-google and passport-google-oauth plug-ins. Passport-google is OpenID 2.0 based and passport-google-oauth is OAuth 2.0 based.
Google has announced that it terminates OpenID 2.0 support in 2015. If you are like me, you have for a long time offered your users a possibility to sign-up with their Google account using OpenID 2.0 behind the scenes. And are now forced to upgrade to OAuth 2.0.
There are two ways to handle the upgrade without losing track of user identities. The first, simple way is just to switch to OAuth 2.0 and ask user's primary email address from Google as part of the OAuth authentication transaction. You can then search the user from your database using the received email address. For me this doesn't work as my service allows users to change their email addresses. I'm not forcing that they must use their primary Google email addresses. The only thing I really know about them is their OpenID id, e.g.
https://www.google.com/accounts/o8/id?id=AItOawn7n9TjBjhPf5Eip-ld01Yep2NgGsNk32E