Millions of developers rely on Google’s identity platform for user authentication and the ability to authorize access to hundreds of APIs. Underpinning the platform is one of the world’s largest implementations of the OAuth 2.0 protocol and related OpenID Connect standard, which provide a seamless, safe, and reliable way for developers to integrate with Google. We’re excited to share some updates that will make the platform even more secure and easy to use.
Developers that use Sign in with Google for authentication or to obtain user authorization to call Google APIs need to register their apps and websites to create client credentials. For developers that use the Google Cloud Console, OAuth configuration pages previously lived in the APIs & Services section. Now, these pages have their own dedicated navigation section called Google Auth Platform. As part of this change, we’ve made it easier to register new projects, reduced the time it takes to update app configurations, and added more helpful guidance for developers. Stay tuned for more improvements in the coming months, including a better onboarding wizard, simplified OAuth scope management, and changes to make app verification faster and more transparent.
For developers who use OAuth capabilities through other consoles like Firebase or Apps Script, your experience on those products remains unchanged.
Some OAuth clients are required to use a “secret” when making authentication and authorization requests. The client secret is like a password for a website or application, so it’s critical to protect these strings to ensure the security and privacy of user accounts and data.
Historically, developers have been able to view and download their own client secrets in the Google Cloud Console, Firebase Console, and other places across Google developer products. Starting in June, we’ll start masking OAuth secrets in the client management pages of the Google Cloud Console. As an aid to help identify them, developer consoles will show the last few characters.
Developers will need to download their OAuth client secrets when they’re created and manage them in a secure way. Most developers already do this using Google Cloud Platform’s Secret Manager or similar tools. Once the creation screen is closed, the client secret will not be shown again.
As a reminder, OAuth client secrets that allow access to user data or other production systems should never be checked into version control systems or shared widely on the internet. Secrets should be rotated periodically and changed immediately in the case of a leak.
Starting in June, OAuth clients inactive for 6 months will be automatically deleted to better protect against credential theft and misuse. The 6-month period will begin after there are no more token exchanges. Developers will be notified of deletion due to inactivity, and can restore clients up to 30 days after deletion.
To ensure that you receive these notifications and others related to your app, review your contact information settings.
With these improvements, and more to come later this year, we’re making your experience simpler and safer, so you can spend more time building helpful apps and sites for your users.
| 为什么空调外机会滴水 | oba是什么意思 | 食物中毒用什么药 | 愿字五行属什么 | 随性是什么意思 |
| 父亲生日送什么礼物 | 什么叫高尿酸血症 | 狮子座与什么星座最配 | 喝牛奶为什么拉肚子 | 去脂肪粒最有效的药膏叫什么 |
| 急性化脓性扁桃体炎吃什么药 | 最小的单位是什么 | 什么叫袖珍人 | 品红是什么颜色 | 金球奖什么时候颁发 |
| 寄生虫感染吃什么药 | 便秘挂什么科 | 一命呜呼是什么意思 | 一什么葡萄 | 大米发霉是什么样子 |
| 倪什么意思hcv9jop2ns2r.cn | 梦见两口子吵架是什么意思hcv7jop4ns7r.cn | 股票pb是什么意思hanqikai.com | 四月是什么星座hcv8jop0ns6r.cn | 产褥热是什么病jasonfriends.com |
| 什么地流淌clwhiglsz.com | 玻璃人是什么意思hcv9jop5ns6r.cn | 破伤风什么时候打最好hcv8jop2ns3r.cn | 12.6是什么星座hcv7jop6ns7r.cn | 双胞胎代表什么生肖hcv9jop0ns1r.cn |
| 遥祝是什么意思hcv7jop5ns6r.cn | 睡觉流眼泪是什么原因hcv9jop8ns2r.cn | 辣椒有什么营养价值hcv7jop5ns4r.cn | 属蛇的人适合佩戴什么hcv9jop0ns5r.cn | 失眠多梦吃什么药hcv9jop5ns1r.cn |
| 行运是什么意思hcv9jop8ns0r.cn | 后巩膜葡萄肿是什么意思hcv8jop9ns8r.cn | 感染性疾病科看什么病hcv8jop4ns9r.cn | 乳房疼吃什么药mmeoe.com | 股癣用什么药hcv9jop0ns0r.cn |
