...

OAuth out-of-band (OOB) is a legacy flow developed to support native clients that, unlike web apps, do not have a redirect URI to accept the credentials after a user approves an OAuth consent request. The OOB flow poses a remote phishing risk, and clients must migrate to an alternative method to protect against this vulnerability. New clients will be unable to use this flow starting on Feb 28, 2022.

Software Design / Architecture

Since we are currently using OOB authentication for all Google-related products, we enhanced our authentication feature oaut2Token as follows:

  • The Google API client has been updated.

  • OAuth 2.0 authentication (without the use of OOB, as described here) has been implemented.

  • A new redirection system has been implemented by using our own callback URL.
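
The callback-based flow listed above, sketched as an added example (not this product's own code): the authorization request carries our own callback URL instead of the OOB value, and the callback handler checks `state` before accepting the code. The client ID, callback URL and function names are assumed placeholders, and PKCE is an addition that the page does not mention.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# Assumed placeholder values, not taken from the page:
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
CALLBACK_URL = "https://app.example.com/oauth2/callback"
# The deprecated OOB flow sent redirect_uri="urn:ietf:wg:oauth:2.0:oob" instead.


def start_authorization(scope):
    """Return (consent URL, per-login secrets to keep in the server-side session)."""
    state = secrets.token_urlsafe(32)      # binds the callback to this login attempt
    verifier = secrets.token_urlsafe(64)   # PKCE verifier, 86 chars (RFC 7636 allows 43-128)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "response_type": "code",
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "access_type": "offline",          # ask Google for a refresh token
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), {"state": state, "code_verifier": verifier}


def handle_callback(request_url, session):
    """Validate the redirect that hit our callback; return the token-request fields."""
    got, want = urlsplit(request_url), urlsplit(CALLBACK_URL)
    if got[:3] != want[:3]:                # scheme, host and path must match exactly
        raise ValueError("callback arrived on an unexpected URL")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not for this session.
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    # The caller adds its client authentication and POSTs these to the token endpoint.
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": CALLBACK_URL, "client_id": CLIENT_ID,
            "code_verifier": session["code_verifier"]}
```
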

Email to Customers about OAuth Methods Deprecation

We wrote the following email to inform our customers about the change:

...

Please see the steps on how to refresh the token:

Google information on Making Google OAuth interactions safer

Please reach out to us urgently if you have any issues or concerns regarding the update to version 2.158.

...