Google tokeninfo is returning deprecated Google Plus scopes, even when supplying the new scopes. What to do?

Question

Google is deprecating Google Plus and related APIs.

They recommend a simple migration, replacing the older deprecated scopes with new ones:

• plus.login -> profile
• plus.me -> openid
• plus.profile.emails.read -> email
• userinfo.profile -> profile
• userinfo.email -> email

Performing OAuth (using the code flow) with the new scopes works as expected. However, when calling the tokeninfo API the scopes are returned as their previous deprecated versions:

{
'scope': 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/plus.me'
}

Is this a problem specific to the tokeninfo API? Or is this by design, and these are the scopes that will be returned - as they are to be maintained alive, even though they're deprecated?

---

Answer 1

Both

https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile

will be valid scopes going forward and are synonyms of 'email' and 'profile' (note, there's no reference to plus).

We are in the process of making changes to token info such that openid will be returned instead of https://www.googleapis.com/auth/plus.me