Google is continuing its commitment to modern open standards. The company announced it will be shutting down support for OAuth 1.0 2-legged (2LO) by Oct. 20.
“With this step, we continue to move away from legacy authentication/authorization protocols, focusing our support on modern open standards that enhance the security of Google accounts and that are generally easier for developers to integrate with,” wrote Vartika Agarwal, technical program manager of identity and authentication at Google, and Wesley Chun, developer advocate at Google, in a blog post.
(Related: A look at the state of security in Android)
This is the final step in Google’s efforts to move away from the OAuth 1.0 protocol and toward the current standard, OAuth 2.0. The company shut down support for OAuth 1.0 3-legged (3LO) on April 20, 2015. According to Google, OAuth 2.0 is designed to improve security and reduce developer complexity.
Developers should migrate their apps to the new standard before the shutdown date, otherwise they will not be able to connect to Google and experience outages until they make the switch. “The easiest way to migrate to the new standard is to use OAuth 2.0 service accounts with domain-wide delegation,” Agarwal and Chun wrote.
More information on how to migrate is available here.