June 2, 2022

New Security Measures taken by Google concerning “Loopback IP Adresses” or “OAuth out-of-band (oob)”

Question:  I would like to know if Chilkat is affected by the new security measures taken by Google concerning “Loopback IP Adresses” or “OAuth out-of-band (oob)”
https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html
https://developers.google.com/identity/protocols/oauth2/native-app#redirect-uri_loopback

Answer:  

  • Chilkat does not use “oob”, so it’s not an issue.
  • The loopback address, such as “http://localhost:port/”, remains valid if you define your app in the Google Developers Console as a “Desktop App”.

If Google decides in the future to disallow the loopback address completely, then you can use the technique as demonstrated with QuickBooks OAuth2 for a Desktop App:   https://www.example-code.com/powerbuilder/quickbooks_oauth2_desktop_app.asp

The technique is that you create an endpoint on your own web server written in whatever programming language you desire, such as PHP, ASP.NET, etc. and then use it for the redirect URI, and then the code on your server would send a redirect response to the loopback address.  (See the QuickBooks example linked above.)

admin
0
Tags :

Tags

ActiveX asp async asynchronous C# callbacks Delphi email Encryption error messages events exchange server FTP GMail HTTP IMAP IOS Java Linking MIME oauth2 Office365 pfx PHP pop3 port-forwarding regsvr32 release notes RSA SFTP smartcard SMTP socket SSH SSL TLS tunnel upload vb6 VBScript VC++ x64 xades XML zip