5

According to The Google OpenID 2.0 migration timetable, "mapping of OpenID 2.0 identifiers to OAuth 2.0 identifiers will continue to work until January 1, 2017."

It is not 100% clear from the documentation what form this transition will take. Will requesting scope: "openid" or openid.realm: "something" begin to return an error? Or will the old openid value simply not be present in the response? The Google OpenId Connect Documentation still uses the request values in its example OpenID Connect authentication URI.

Does anyone have a better understanding of how exactly this is going away? Our approach is to drop the openid scope and the openid.realm, but we're trying to get better certainty on the exact form of the change.

Brett
  • 3,478
  • 1
  • 22
  • 23
  • Leaving the original question as-is, but now our approach will just be to gracefully degrade our association checks in the absence of the openid response value, as suggested in the accepted answer. – Brett Dec 23 '16 at 01:54

1 Answers1

6

The openid scope relates to OpenID Connect, not OpenID 2.0 (it's confusing, I agree…). OpenID Connect is fully supported and not going away, so the openid scope is still completely supported.

Passing the openid.realm param after the mapping is turned down won't return an error, it's just that the old openid value may not be present in the response. So you should design your service to be able to gracefully handle the case where no OpenID 2.0 value is present in the response.

William Denniss
  • 16,089
  • 7
  • 81
  • 124
  • Thank you for the very complete answer and for the correction on the `openid` scope -- I do see in the docs that that's required for OpenID Connect, though it seems that may not be the case in practice. I first looked for the 'what will happen' plan in the migration doc at https://developers.google.com/identity/protocols/OpenID2Migration, so if anyone is in a position to put more information there, it might help others, too. – Brett Dec 23 '16 at 01:43
  • Is there still a way to get the openid_id values after Jan 1st? – Mr.Boon Jan 11 '17 at 14:18
  • It looks to me like they stopped providing them on Jan 10th, after all. – Brett Mar 02 '17 at 21:06