Passport is a popular
authentication middleware for Node.js. It has a plug-in system which
supports more or less all popular authentication services. For Google
plug-ins. Passport-google is OpenID 2.0 based and
passport-google-oauth is OAuth 2.0 based.
that it terminates OpenID 2.0 support in 2015. If you are like me, you
have for a long time offered your users a possibility to sign-up with their Google
account using OpenID 2.0 behind the scenes. And are now forced to
upgrade to OAuth 2.0.
There are two ways to handle the upgrade without losing track of user
identities. The first, simple way is just to switch to OAuth 2.0 and
ask user's primary email address from Google as part of the OAuth
authentication transaction. You can then search the user from your
database using the received email address. For me this doesn't work as
my service allows users to change their email addresses. I'm not
forcing that they must use their primary Google email addresses. The
only thing I really know about them is their OpenID id, e.g.