[GH-ISSUE #107] Google Infographics QR Code API is deprecated #518

New issue

Closed

opened 2026-03-14 12:03:26 +03:00 by kerem · 22 comments

kerem commented 2026-03-14 12:03:26 +03:00

Owner

Copy link

Originally created by @bdteo on GitHub (Jul 23, 2018).
Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/107

See: https://developers.google.com/chart/infographics/docs/qr_codes

Originally created by @bdteo on GitHub (Jul 23, 2018). Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/107 See: https://developers.google.com/chart/infographics/docs/qr_codes

kerem 2026-03-14 12:03:26 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-14 12:03:42 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Oct 7, 2018):

Will check it, thank you!

<!-- gh-comment-id:427615970 --> @antonioribeiro commented on GitHub (Oct 7, 2018): Will check it, thank you!

kerem commented 2026-03-14 12:03:47 +03:00

Author

Owner

Copy link

@Chevil5 commented on GitHub (Mar 19, 2019):

Hi, is there any updates about that? 5 days ago Google turned off QR code generator api. And now it does not work at all.

<!-- gh-comment-id:474454738 --> @Chevil5 commented on GitHub (Mar 19, 2019): Hi, is there any updates about that? 5 days ago Google turned off QR code generator api. And now it does not work at all.

kerem commented 2026-03-14 12:03:52 +03:00

Author

Owner

Copy link

@barryvdh commented on GitHub (Mar 19, 2019):

I can confirm that currently:

• Google Chart API is offline, so URL doesn't work
• Bacon 2.x is released a year ago and doesn't work with this package.

<!-- gh-comment-id:474497541 --> @barryvdh commented on GitHub (Mar 19, 2019): I can confirm that currently: - Google Chart API is offline, so URL doesn't work - Bacon 2.x is released a year ago and doesn't work with this package.

kerem commented 2026-03-14 12:03:57 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

Why Bacon doesn't work with it? When I removed it from this package to create the google2fa-bridge I tested it with both 1.x and 2.x...

<!-- gh-comment-id:474513066 --> @antonioribeiro commented on GitHub (Mar 19, 2019): Why Bacon doesn't work with it? When I removed it from this package to create the google2fa-bridge I tested it with both 1.x and 2.x...

kerem commented 2026-03-14 12:04:02 +03:00

Author

Owner

Copy link

@barryvdh commented on GitHub (Mar 19, 2019):

Oh sorry, I'm still on the 2.x branch.
I just saw your qr code package, but you don't mention it in the readme, right?
https://github.com/antonioribeiro/google2fa#qr-code-packages

An alternative would be to use http://goqr.me/api/ but I think it would probably best to not provide external API for this sensitive stuff.

<!-- gh-comment-id:474518659 --> @barryvdh commented on GitHub (Mar 19, 2019): Oh sorry, I'm still on the 2.x branch. I just saw your qr code package, but you don't mention it in the readme, right? https://github.com/antonioribeiro/google2fa#qr-code-packages An alternative would be to use http://goqr.me/api/ but I think it would probably best to not provide external API for this sensitive stuff.

kerem commented 2026-03-14 12:04:07 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

With Bacon 2.0:

Installing:

composer require bacon/bacon-qr-code

Using:

<?php

use PragmaRX\Google2FA\Google2FA;
use BaconQrCode\Renderer\ImageRenderer;
use BaconQrCode\Renderer\Image\ImagickImageBackEnd;
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer;

$google2fa = app(Google2FA::class);

$g2faUrl = $google2fa->getQRCodeUrl(
    'pragmarx',
    'google2fa@pragmarx.com',
    $google2fa->generateSecretKey()
);

$writer = new Writer(
    new ImageRenderer(
        new RendererStyle(400),
        new ImagickImageBackEnd()
    )
);

$writer->writeFile($g2faUrl, 'qrcode.png');

// or

dd($writer->writeString($g2faUrl));

<!-- gh-comment-id:474522474 --> @antonioribeiro commented on GitHub (Mar 19, 2019): With Bacon 2.0: Installing: ``` composer require bacon/bacon-qr-code ``` Using: ``` <?php use PragmaRX\Google2FA\Google2FA; use BaconQrCode\Renderer\ImageRenderer; use BaconQrCode\Renderer\Image\ImagickImageBackEnd; use BaconQrCode\Renderer\RendererStyle\RendererStyle; use BaconQrCode\Writer; $google2fa = app(Google2FA::class); $g2faUrl = $google2fa->getQRCodeUrl( 'pragmarx', 'google2fa@pragmarx.com', $google2fa->generateSecretKey() ); $writer = new Writer( new ImageRenderer( new RendererStyle(400), new ImagickImageBackEnd() ) ); $writer->writeFile($g2faUrl, 'qrcode.png'); // or dd($writer->writeString($g2faUrl)); ```

kerem commented 2026-03-14 12:04:12 +03:00

Author

Owner

Copy link

@barryvdh commented on GitHub (Mar 19, 2019):

Thanks, I've updated generate the QR with https://github.com/endroid/qr-code

function qrCodeUrl($value, $size = 200)
{
    $qrCode = new \Endroid\QrCode\QrCode($value);

    $qrCode->setSize($size);

    return $qrCode->writeDataUri();
}

But should we remove the Google API?

<!-- gh-comment-id:474524759 --> @barryvdh commented on GitHub (Mar 19, 2019): Thanks, I've updated generate the QR with https://github.com/endroid/qr-code ```php function qrCodeUrl($value, $size = 200) { $qrCode = new \Endroid\QrCode\QrCode($value); $qrCode->setSize($size); return $qrCode->writeDataUri(); } ``` But should we remove the Google API?

kerem commented 2026-03-14 12:04:17 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

Oh sorry, I'm still on the 2.x branch.
I just saw your qr code package, but you don't mention it in the readme, right?
https://github.com/antonioribeiro/google2fa#qr-code-packages

An alternative would be to use http://goqr.me/api/ but I think it would probably best to not provide external API for this sensitive stuff.

Yeah, sorry, I wasn't really sure about "tying" one more package to this stack. But I will update the README and add some examples using it (mine), Bacon and Endroid.

<!-- gh-comment-id:474525741 --> @antonioribeiro commented on GitHub (Mar 19, 2019): > Oh sorry, I'm still on the 2.x branch. > I just saw your qr code package, but you don't mention it in the readme, right? > https://github.com/antonioribeiro/google2fa#qr-code-packages > > An alternative would be to use http://goqr.me/api/ but I think it would probably best to not provide external API for this sensitive stuff. Yeah, sorry, I wasn't really sure about "tying" one more package to this stack. But I will update the README and add some examples using it (mine), Bacon and Endroid.

kerem commented 2026-03-14 12:04:23 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

But should we remove the Google API?

Yes, we must.

And thanks a lot for the Endroid fix!

<!-- gh-comment-id:474526515 --> @antonioribeiro commented on GitHub (Mar 19, 2019): > But should we remove the Google API? Yes, we must. And thanks a lot for the Endroid fix!

kerem commented 2026-03-14 12:04:28 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

That Google API was deprecated in favor of https://developers.google.com/chart/, but I'm not sure there is a QRCode API inside it, will have to look better.

<!-- gh-comment-id:474527398 --> @antonioribeiro commented on GitHub (Mar 19, 2019): That Google API was deprecated in favor of https://developers.google.com/chart/, but I'm not sure there is a QRCode API inside it, will have to look better.

kerem commented 2026-03-14 12:04:33 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

@barryvdh, thanks for the PR.

Will try to add some more examples later.

<!-- gh-comment-id:474531973 --> @antonioribeiro commented on GitHub (Mar 19, 2019): @barryvdh, thanks for the PR. Will try to add some more examples later.

kerem commented 2026-03-14 12:04:38 +03:00

Author

Owner

Copy link

@barryvdh commented on GitHub (Mar 19, 2019):

I don't think it supports QR code. So we can either:

• Deprecate it and leave it in as not working, remove in next version (but will be broken and many won't notice)
• Throw an Exception to make it clear what is happening (breaking, but it's already broken)
• Replace with different API (but insecure)
• Silently replace with an data URL (eg. with bacon), not the same but doesn't break (but could lead to dependancy conflicts)

<!-- gh-comment-id:474538197 --> @barryvdh commented on GitHub (Mar 19, 2019): I don't think it supports QR code. So we can either: - Deprecate it and leave it in as not working, remove in next version (but will be broken and many won't notice) - Throw an Exception to make it clear what is happening (breaking, but it's already broken) - Replace with different API (but insecure) - Silently replace with an data URL (eg. with bacon), not the same but doesn't break (but could lead to dependancy conflicts)

kerem commented 2026-03-14 12:04:43 +03:00

Author

Owner

Copy link

@Chevil5 commented on GitHub (Mar 19, 2019):

-Silently replace with an data URL (eg. with bacon)
this option looks the most effective. The tool is very useful and it would be cruel just leave it unworking. Really people do not care how QR code generates, but only it should be secure, so to make in in-place by using Bacon would be perfect in my opinion.

<!-- gh-comment-id:474545634 --> @Chevil5 commented on GitHub (Mar 19, 2019): -Silently replace with an data URL (eg. with bacon) this option looks the most effective. The tool is very useful and it would be cruel just leave it unworking. Really people do not care how QR code generates, but only it should be secure, so to make in in-place by using Bacon would be perfect in my opinion.

kerem commented 2026-03-14 12:04:48 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

I was working on removing it for 5.0.0, already pushed some code to it, but looks like we will have to think this better.

I'm not found of adding Bacon or any other dependency back to this package, but if we do, to get a "fixed" version people would have to composer update, so here's a question:

Is there a way to make Composer warn people and tell them to upgrade to 5.0.0 and check the docs for options?

<!-- gh-comment-id:474549734 --> @antonioribeiro commented on GitHub (Mar 19, 2019): I was working on removing it for 5.0.0, already pushed some code to it, but looks like we will have to think this better. I'm not found of adding Bacon or any other dependency back to this package, but if we do, to get a "fixed" version people would have to `composer update`, so here's a question: Is there a way to make Composer warn people and tell them to upgrade to 5.0.0 and check the docs for options?

kerem commented 2026-03-14 12:04:53 +03:00

Author

Owner

Copy link

@Chevil5 commented on GitHub (Mar 19, 2019):

As far as I can see - no. And googling did not give any results.

But as a user, I can say it would be clear for me what is going on if on the first line of the documentation we will write: "Google API for QR generator is turned off. All version of that package less than 5.0.0 is deprecated and non-working. Please, make composer update and check documentation regarding new generation QR logic".
In a few days, people will see that QR code is broken and will start googling or checking the documentation. And way they will find this information.

<!-- gh-comment-id:474555595 --> @Chevil5 commented on GitHub (Mar 19, 2019): As far as I can see - no. And googling did not give any results. But as a user, I can say it would be clear for me what is going on if on the first line of the documentation we will write: "Google API for QR generator is turned off. All version of that package less than 5.0.0 is deprecated and non-working. Please, make `composer update` and check documentation regarding new generation QR logic". In a few days, people will see that QR code is broken and will start googling or checking the documentation. And way they will find this information.

kerem commented 2026-03-14 12:04:58 +03:00

Author

Owner

Copy link

@barryvdh commented on GitHub (Mar 19, 2019):

An alternative would be to patch to previous version(s) to a hardcoded data url, with a message so it's more of a Soft fail.

<!-- gh-comment-id:474564199 --> @barryvdh commented on GitHub (Mar 19, 2019): An alternative would be to patch to previous version(s) to a hardcoded data url, with a message so it's more of a Soft fail.

kerem commented 2026-03-14 12:05:03 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

As far as I can see - no. And googling did not give any results.

But as a user, I can say it would be clear for me what is going on if on the first line of the documentation we will write: "Google API for QR generator is turned off. All version of that package less than 5.0.0 is deprecated and non-working. Please, make composer update and check documentation regarding new generation QR logic".
In a few days, people will see that QR code is broken and will start googling or checking the documentation. And way they will find this information.

Done:

<!-- gh-comment-id:474618332 --> @antonioribeiro commented on GitHub (Mar 19, 2019): > As far as I can see - no. And googling did not give any results. > > But as a user, I can say it would be clear for me what is going on if on the first line of the documentation we will write: "Google API for QR generator is turned off. All version of that package less than 5.0.0 is deprecated and non-working. Please, make `composer update` and check documentation regarding new generation QR logic". > In a few days, people will see that QR code is broken and will start googling or checking the documentation. And way they will find this information. Done: 

kerem commented 2026-03-14 12:05:09 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 19, 2019):

What about this?:

As a warning when people composer update?

<!-- gh-comment-id:474619583 --> @antonioribeiro commented on GitHub (Mar 19, 2019): What about this?:  As a warning when people `composer update`?

kerem commented 2026-03-14 12:05:14 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 20, 2019):

It's done, but not working. Not sure why

https://github.com/Ocramius/PackageVersions/blob/master/composer.json

works, but this one doesn't:

https://github.com/antonioribeiro/google2fa/blob/v4.0.2/composer.json

<!-- gh-comment-id:474630851 --> @antonioribeiro commented on GitHub (Mar 20, 2019): It's done, but not working. Not sure why https://github.com/Ocramius/PackageVersions/blob/master/composer.json works, but this one doesn't: https://github.com/antonioribeiro/google2fa/blob/v4.0.2/composer.json

kerem commented 2026-03-14 12:05:19 +03:00

Author

Owner

Copy link

@Chevil5 commented on GitHub (Mar 20, 2019):

Done:

@antonioribeiro thank you! Looks super noticeable and understandable! I also checked fixed documentation it looks very clear. I already fixed my code by your recommendations with Bacon and it works like a charm. So thank you for your work!

Warning in console looks also very good. But I'm not sure how to force it to work. It looks correct as far I can see.

<!-- gh-comment-id:474713958 --> @Chevil5 commented on GitHub (Mar 20, 2019): > Done: @antonioribeiro thank you! Looks super noticeable and understandable! I also checked fixed documentation it looks very clear. I already fixed my code by your recommendations with Bacon and it works like a charm. So thank you for your work! Warning in console looks also very good. But I'm not sure how to force it to work. It looks correct as far I can see.

kerem commented 2026-03-14 12:05:24 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Mar 20, 2019):

Opened an issue in Composer to try to understand and fix it: https://github.com/composer/composer/issues/8049

<!-- gh-comment-id:474806943 --> @antonioribeiro commented on GitHub (Mar 20, 2019): Opened an issue in Composer to try to understand and fix it: https://github.com/composer/composer/issues/8049

kerem commented 2026-03-14 12:05:29 +03:00

Author

Owner

Copy link

@hopeseekr commented on GitHub (Jul 14, 2019):

There is a way to immediately warn people... But it's not that good.

1. Edit this package's composer.json and give it either a new name or a new vendor, or both.
2. Mark this current package on packagist as abandoned.
3. Add as a Recommendation the new package name.

Then, any time anyone does composer install or composer update, they'll get a big red warning google2fa is abandoned: Use google-2fa instead..

<!-- gh-comment-id:511229387 --> @hopeseekr commented on GitHub (Jul 14, 2019): There is a way to immediately warn people... But it's not that good. 1. Edit this package's composer.json and give it either a new name or a new vendor, or both. 2. Mark this current package on packagist as abandoned. 3. Add as a Recommendation the new package name. Then, any time anyone does `composer install` or `composer update`, they'll get a big red warning `google2fa is abandoned: Use google-2fa instead.`.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

9.x

fix-coverage

bump-to-version-9

10.x

reformat-code

add-linting

reorder-imports

8.x

install-php-84

test-on-php84

github-actions

master

7.x

pspstan

revert-124-123-google2fa_fix

v9.0.0

v8.0.3

v8.0.2

v8.0.1

8.0.0

v7.0.0

v6.1.3

v6.1.0

v6.0.1

v6.0.0

v4.0.2

v4.0.1

v5.0.0

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.0.1

v1.0.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.0

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/google2fa#518

No description provided.