Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Google warning on OAUTH out-of-band flow

191 views
Skip to first unread message

M Anon

unread,
Aug 23, 2022, 4:09:08 PM8/23/22
to GAM for Google Workspace
I received this warning in my inbox and it is mentioning the GAM Project I created as per GAM install instructions. Is GAM impacted by this change?

M

-------

Hello Google OAuth Developer,

We're writing to remind you that the OAuth out-of-band (OOB) flow will be deprecated on October 3, 2022, to protect your users from phishing and app impersonation attacks.

What do I need to know?

As we notified you in the first week of May 2022, any affected authorization endpoint requests will be blocked with an invalid_request error after October 3, 2022. Apps using OOB in testing mode will not be affected. However, we strongly recommend migrating them to safer methods as these apps will be immediately blocked when switching to in production status.

Below are key dates for compliance:

  • September 5, 2022: A user-facing warning message will be displayed to non-compliant OAuth requests.
  • October 3, 2022: The OOB flow will be blocked for all clients and users will see the error page.

Please reference our previous email with the subject line containing: “Migrate your OAuth out-of-band flow to an alternative method before Oct. 3, 2022,” for more details.

What do I need to do?
  • Please see the Making Google OAuth interactions safer by using more secure OAuth flows blog post to learn about the deprecation
  • Follow the Out-of-band (OOB) Migration Guide to migrate your app to an alternative method.
  • You may acknowledge the upcoming deadline and suppress a possible user-facing warning message by following instructions in our blog post. All non-compliant authorization requests will be blocked with an invalid_request error when loading Google's OAuth 2.0 authorization endpoint after October 3, 2022.
  • If necessary, you may request a one-time deprecation enforcement extension for each listed OAuth client ID until January 31, 2023. For clarity, the enforcement for the OOB flow deprecation will be enforced on February 1, 2023 with no exceptions or extensions.

Refer to the sample of OAuth clients below, which will be blocked.

Sample OAuth client list:

Jay Lee

unread,
Aug 23, 2022, 5:00:14 PM8/23/22
to google-ap...@googlegroups.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/2eae0205-18b4-4108-b1ce-56f091f63db9n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages