Google Platform Auth Service is deprecated

[amazingmo]

The template for Google Auth appears to be using Google's 'platform.js'

According to https://developers.google.com/identity/sign-in/web/reference

We are discontinuing the Google Sign-In JavaScript Platform Library for web. The library will be unavailable for download after the March 31, 2023 deprecation date. Instead, use the new Google Identity Services for Web.
By default, newly created Client IDs are now blocked from using the older Platform Library, existing Client IDs are unaffected. New Client IDs created before July 29th, 2022 can set plugin_name to enable use of the Google Platform Library.

The docs suggest that adding 'plugin_name' to the argument passed to gapi.auth2.init() will allow recently created client_ids to work (I haven't succeeded yet), but I think the better solution is to move to Google's new Identity Services API.

[Deshke]

You are receiving this message as a reminder that one or more of your web applications uses the legacy Google Sign-In web solution. Our announced plan stated that authentication support for the Google Sign-In JavaScript platform library will no longer be supported after March 31, 2023.

...

[Deshke]

in case anyone else wanted to switch to oidc - that works but refresh tokens do not. To fix that add &access_type=offline&prompt=consent to the oidc_auth.tmpl

diff --git a/auth_server/authn/data/oidc_auth.tmpl b/auth_server/authn/data/oidc_auth.tmpl
index b7a700a..de10847 100644
--- a/auth_server/authn/data/oidc_auth.tmpl
+++ b/auth_server/authn/data/oidc_auth.tmpl
@@ -9,7 +9,7 @@
 <body>
   <div id="panel">
     <p>
-      <a id="login-with-oidc" href="{{.AuthEndpoint}}?response_type=code&scope=openid%20email&client_id={{.ClientId}}&redirect_uri={{.RedirectURI}}">
+      <a id="login-with-oidc" href="{{.AuthEndpoint}}?response_type=code&scope=openid%20email&client_id={{.ClientId}}&access_type=offline&prompt=consent&redirect_uri={{.RedirectURI}}">
         Login with OIDC Provider
       </a>
     </p>