[Action Required] GTMOAuth2 has been replaced with GTMAppAuth

[William Denniss]

The Google Identity team has been modernizing how users authenticate and authorize requests in native apps. As part of this effort, we’ve replaced the GTMOAuth2 library with GTMAppAuth.  Like GTMOAuth2, GTMAppAuth is open source, hosted on GitHub, works with GTLR and other Google APIs, but unlike GTMOAuth2, it takes advantage of the user’s browser for a more streamlined and secure user experience.

By using the browser, the user only needs to sign-in to Google once per device, rather than for each app they want to use. Users who’ve already performed a sign-in or OAuth flow, or used any Google product like Gmail or YouTube will already be signed in, which reduces the friction when they use your app.  GTMAppAuth implements this through in-app browser tabs (i.e. SFSafariViewController) on iOS, and the regular browser on macOS for a faster and more secure user experience.

Unique to GTMAppAuth is tvOS support! Since tvOS doesn’t have UIWebView or Safari, the OAuth for TVs and Limited Input Device flow is used – the same flow used by the YouTube TV apps.

Like GTMOAuth2, GTMAppAuth implements the GTMFetcherAuthorizationProtocol protocol, so the way you authorize your API requests using GTMSessionFetcher remains the same, but you need to switch to GTMAppAuth and update your authorization code to obtain authorization from the user in the new way for Google API services.

Refer to the GTMAppAuth docs and included examples for how to obtain authorization from users, and the migration guide for how to migrate your existing projects. The Google APIs Client Library for Objective-C For REST project has been updated, and includes several samples for macOS that now use GTMAppAuth.

Note that in August 2016, we announced that WebView was no longer being supported for Google OAuth requests on platforms with viable alternatives (i.e. iOS 9+, macOS). The implication of this is it’s no longer possible to use GTMOAuth2 (which relies on WebView) in new projects with Google API services on iOS 9+ and macOS. Existing GTMOAuth2 projects will continue to work on iOS 9+ and macOS for the time being, but will need to migrate before April 20, 2017. If you need an extension, please complete this form. This policy only affects GTMOAuth2 when used with Google, the library may continue to work with OAuth providers who have yet to institute a similar policy.

GTMAppAuth is standards-based and may also work with your other providers, if they support the modern OAuth for Native Apps best practices.  It’s possible to use GTMOAuth2 and GTMAppAuth in the same project if you need to support both Google and other provides that don’t yet support browser-based authorization.

The GTMOAuth2 mailing list can continue to be used for topics related to GTMOAuth2 and GTMAppAuth, including questions related to the migration. You can also post questions on StackOverflow tagged google-oauth.

Regards,

William Denniss

Product Manager, Google