How to Fix Google OAuth OOB Deprecation Error
By Mathew
Google announced it would discontinue out-of-band (OOB) OAuth functionality beginning January 31, 2023, due to phishing vulnerabilities. Here’s how to migrate your applications.
Why the Change?
The OOB flow allowed users to copy-paste authorization codes manually, which created opportunities for phishing attacks. Google’s deprecation forces developers to use more secure redirect-based flows.
Migration Method 1: Redirect URIs
The recommended approach is implementing proper redirect URIs:
- Create a new OAuth client ID in Google Cloud Console
- Specify a public redirect URL for your application
- Update your application code to handle the redirect callback
- Exchange the authorization code for tokens server-side
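The steps above, sketched in plain Ruby as an added example (not code from gmail_cli or any Google library). The client ID, client secret, redirect URL and Gmail scope are assumed placeholders, and the helper names are hypothetical; the sketch ties the callback to the session with a single-use state value and builds the server-side token request without sending it.

```ruby
require "securerandom"
require "uri"
require "net/http"

AUTH_ENDPOINT  = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
# Assumed placeholders: use the values registered in Google Cloud Console.
CLIENT_ID     = "example-client-id.apps.googleusercontent.com"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI  = "https://app.example.com/oauth2/callback"

class StateMismatch < StandardError; end

# Send the user to Google. The random state is stored in the session so the
# callback can be tied to the browser that started the flow.
def authorization_url(session, scope: "https://www.googleapis.com/auth/gmail.readonly")
  session[:oauth_state] = SecureRandom.urlsafe_base64(32)
  query = URI.encode_www_form(
    client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, response_type: "code",
    scope: scope, state: session[:oauth_state], access_type: "offline"
  )
  "#{AUTH_ENDPOINT}?#{query}"
end

# Constant-time comparison of two strings of equal length.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Redirect callback: reject a missing, reused or mismatched state before the
# code is touched. The stored state is deleted, so it works only once.
def verified_code(session, params)
  expected = session.delete(:oauth_state)
  unless expected && secure_equal?(expected, params["state"].to_s)
    raise StateMismatch, "OAuth state missing or does not match session"
  end
  raise ArgumentError, "authorization failed: #{params['error']}" if params["error"]
  params.fetch("code")
end

# Server-side exchange: the client secret stays on the server.
def token_request(code)
  req = Net::HTTP::Post.new(URI(TOKEN_ENDPOINT))
  req.set_form_data(
    code: code, client_id: CLIENT_ID, client_secret: CLIENT_SECRET,
    redirect_uri: REDIRECT_URI, grant_type: "authorization_code"
  )
  req # send over TLS with Net::HTTP.start(host, 443, use_ssl: true)
end
```

In a Rails controller, `session` and `params` are the framework objects; the returned request is sent over TLS and the JSON response carries the tokens.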
Migration Method 2: App Passwords
For simpler use cases, Google App Passwords provide an alternative:
- Enable 2-step verification on the Google account
- Generate an app-specific password
- Use this password in place of the regular account password
Rails Implementation
For Rails applications, you can use the gmail_cli gem for OAuth-based access or the gmail gem for app password authentication. Both approaches are straightforward to implement and maintain.
Conclusion
While the OOB deprecation requires some migration work, the redirect URI approach is more secure and provides a better user experience. Take the time to update your applications before the deadline.