Use updated Google user info endpoint (#621)

Author: techknowlogick

README.md

@@ -37,7 +37,6 @@ $ go get github.com/markbates/goth
 * GitHub
 * Gitlab
 * Google
-* Google+ (deprecated)
 * Heroku
 * InfluxCloud
 * Instagram

examples/main.go

@@ -30,7 +30,6 @@ import (
 	"github.com/markbates/goth/providers/github"
 	"github.com/markbates/goth/providers/gitlab"
 	"github.com/markbates/goth/providers/google"
-	"github.com/markbates/goth/providers/gplus"
 	"github.com/markbates/goth/providers/heroku"
 	"github.com/markbates/goth/providers/instagram"
 	"github.com/markbates/goth/providers/intercom"
@@ -89,7 +88,6 @@ func main() {
 		facebook.New(os.Getenv("FACEBOOK_KEY"), os.Getenv("FACEBOOK_SECRET"), "http://localhost:3000/auth/facebook/callback"),
 		fitbit.New(os.Getenv("FITBIT_KEY"), os.Getenv("FITBIT_SECRET"), "http://localhost:3000/auth/fitbit/callback"),
 		google.New(os.Getenv("GOOGLE_KEY"), os.Getenv("GOOGLE_SECRET"), "http://localhost:3000/auth/google/callback"),
-		gplus.New(os.Getenv("GPLUS_KEY"), os.Getenv("GPLUS_SECRET"), "http://localhost:3000/auth/gplus/callback"),
 		github.New(os.Getenv("GITHUB_KEY"), os.Getenv("GITHUB_SECRET"), "http://localhost:3000/auth/github/callback"),
 		spotify.New(os.Getenv("SPOTIFY_KEY"), os.Getenv("SPOTIFY_SECRET"), "http://localhost:3000/auth/spotify/callback"),
 		linkedin.New(os.Getenv("LINKEDIN_KEY"), os.Getenv("LINKEDIN_SECRET"), "http://localhost:3000/auth/linkedin/callback"),
@@ -179,7 +177,6 @@ func main() {
 		"github":          "Github",
 		"gitlab":          "Gitlab",
 		"google":          "Google",
-		"gplus":           "Google Plus",
 		"heroku":          "Heroku",
 		"instagram":       "Instagram",
 		"intercom":        "Intercom",

providers/google/google.go

@@ -7,14 +7,13 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"net/url"
 	"strings"
 
 	"github.com/markbates/goth"
 	"golang.org/x/oauth2"
 )
 
-const endpointProfile string = "https://www.googleapis.com/oauth2/v2/userinfo"
+const endpointProfile string = "https://openidconnect.googleapis.com/v1/userinfo"
 
 // New creates a new Google provider, and sets up important connection details.
 // You should always call `google.New` to get a new Provider. Never try to create
@@ -76,6 +75,7 @@ func (p *Provider) BeginAuth(state string) (goth.Session, error) {
 
 type googleUser struct {
 	ID        string `json:"id"`
+	Sub       string `json:"sub"`
 	Email     string `json:"email"`
 	Name      string `json:"name"`
 	FirstName string `json:"given_name"`
@@ -100,7 +100,13 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) {
 		return user, fmt.Errorf("%s cannot get user information without accessToken", p.providerName)
 	}
 
-	response, err := p.Client().Get(endpointProfile + "?access_token=" + url.QueryEscape(sess.AccessToken))
+	req, err := http.NewRequest("GET", endpointProfile, nil)
+	if err != nil {
+		return user, err
+	}
+	req.Header.Set("Authorization", "Bearer "+sess.AccessToken)
+
+	response, err := p.Client().Do(req)
 	if err != nil {
 		return user, err
 	}
@@ -127,7 +133,13 @@ func (p *Provider) FetchUser(session goth.Session) (goth.User, error) {
 	user.NickName = u.Name
 	user.Email = u.Email
 	user.AvatarURL = u.Picture
-	user.UserID = u.ID
+
+	if u.ID != "" {
+		user.UserID = u.ID
+	} else {
+		user.UserID = u.Sub
+	}
+
 	// Google provides other useful fields such as 'hd'; get them from RawData
 	if err := json.Unmarshal(responseBytes, &user.RawData); err != nil {
 		return user, err
@@ -148,7 +160,7 @@ func newConfig(provider *Provider, scopes []string) *oauth2.Config {
 	if len(scopes) > 0 {
 		c.Scopes = append(c.Scopes, scopes...)
 	} else {
-		c.Scopes = []string{"email"}
+		c.Scopes = []string{"openid", "email", "profile"}
 	}
 	return c
 }

providers/google/google_test.go

@@ -1,6 +1,7 @@
 package google_test
 
 import (
+	"encoding/json"
 	"fmt"
 	"os"
 	"testing"
@@ -31,7 +32,7 @@ func Test_BeginAuth(t *testing.T) {
 	a.Contains(s.AuthURL, "accounts.google.com/o/oauth2/auth")
 	a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", os.Getenv("GOOGLE_KEY")))
 	a.Contains(s.AuthURL, "state=test_state")
-	a.Contains(s.AuthURL, "scope=email")
+	a.Contains(s.AuthURL, "scope=openid+email+profile")
 	a.Contains(s.AuthURL, "access_type=offline")
 }
 
@@ -50,7 +51,7 @@ func Test_BeginAuthWithPrompt(t *testing.T) {
 	a.Contains(s.AuthURL, "accounts.google.com/o/oauth2/auth")
 	a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", os.Getenv("GOOGLE_KEY")))
 	a.Contains(s.AuthURL, "state=test_state")
-	a.Contains(s.AuthURL, "scope=email")
+	a.Contains(s.AuthURL, "scope=openid+email+profile")
 	a.Contains(s.AuthURL, "access_type=offline")
 	a.Contains(s.AuthURL, "prompt=test+prompts")
 }
@@ -70,7 +71,7 @@ func Test_BeginAuthWithHostedDomain(t *testing.T) {
 	a.Contains(s.AuthURL, "accounts.google.com/o/oauth2/auth")
 	a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", os.Getenv("GOOGLE_KEY")))
 	a.Contains(s.AuthURL, "state=test_state")
-	a.Contains(s.AuthURL, "scope=email")
+	a.Contains(s.AuthURL, "scope=openid+email+profile")
 	a.Contains(s.AuthURL, "access_type=offline")
 	a.Contains(s.AuthURL, "hd=example.com")
 }
@@ -90,7 +91,7 @@ func Test_BeginAuthWithLoginHint(t *testing.T) {
 	a.Contains(s.AuthURL, "accounts.google.com/o/oauth2/auth")
 	a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", os.Getenv("GOOGLE_KEY")))
 	a.Contains(s.AuthURL, "state=test_state")
-	a.Contains(s.AuthURL, "scope=email")
+	a.Contains(s.AuthURL, "scope=openid+email+profile")
 	a.Contains(s.AuthURL, "access_type=offline")
 	a.Contains(s.AuthURL, "login_hint=john%40example.com")
 }
@@ -115,6 +116,37 @@ func Test_SessionFromJSON(t *testing.T) {
 	a.Equal(session.AccessToken, "1234567890")
 }
 
+func Test_UserIDHandling(t *testing.T) {
+	t.Parallel()
+	a := assert.New(t)
+
+	// Test v2 endpoint response format (uses 'id' field)
+	v2Response := `{"id":"123456789","email":"[email protected]","name":"Test User"}`
+	var userV2 struct {
+		ID    string `json:"id"`
+		Sub   string `json:"sub"`
+		Email string `json:"email"`
+		Name  string `json:"name"`
+	}
+	err := json.Unmarshal([]byte(v2Response), &userV2)
+	a.NoError(err)
+	a.Equal("123456789", userV2.ID)
+	a.Equal("", userV2.Sub)
+
+	// Test OpenID Connect response format (uses 'sub' field)
+	oidcResponse := `{"sub":"123456789","email":"[email protected]","name":"Test User"}`
+	var userOIDC struct {
+		ID    string `json:"id"`
+		Sub   string `json:"sub"`
+		Email string `json:"email"`
+		Name  string `json:"name"`
+	}
+	err = json.Unmarshal([]byte(oidcResponse), &userOIDC)
+	a.NoError(err)
+	a.Equal("", userOIDC.ID)
+	a.Equal("123456789", userOIDC.Sub)
+}
+
 func googleProvider() *google.Provider {
 	return google.New(os.Getenv("GOOGLE_KEY"), os.Getenv("GOOGEL_SECRET"), "/foo")
 }