Please fix Google Sign-in

ChristianPagh wrote 12 days ago: 0

Gemini says:

This specific URL tells us exactly what is broken under the hood.

By analyzing the parameters TVMaze is sending to Google, we can determine that while their core workflow strategy is actually correct, they are using a deprecated legacy endpoint and a heavily restricted legacy scope.

Here is the exact breakdown of what this URL reveals and why it is failing:

1. The Deprecated Endpoint Path (/o/oauth2/auth)

Look at the very beginning of the URL path:

https://accounts.google.com/o/oauth2/auth?...

The Issue: This is Google’s legacy OAuth 2.0 endpoint v1. Google officially deprecated this specific endpoint path in favor of the newer v2 endpoints (/o/oauth2/v2/auth) and the modern Google Identity Services (GIS) wrapper.

The Result: While Google kept this old endpoint on life support for years for legacy apps, they have been systematically shutting down access to it, especially for apps that haven't updated their developer verification status.

2. Legacy Full URL Scopes (https://www.googleapis.com/auth/...)

Look at the scope parameter in the URL:

scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email

The Issue: TVMaze is requesting profile and email data using the old full-URL legacy scopes. Google explicitly deprecated these specific userinfo URLs years ago.

The Result: The modern standard is to use short-form, open-id scopes (openid email profile). Google announced strict enforcement policies stating that apps still requesting the old full-URL scopes would face authorization blocks unless they migrated to the new format.

3. The "Good" News: The Architecture is Fine (response_type=code)

What they did right: They are using response_type=code. This means they are using the Authorization Code Flow, which is the modern secure standard (unlike the completely banned response_type=token implicit flow).

Summary: What TVMaze needs to do to fix it

Because TVMaze's fundamental architecture is correct (response_type=code), they don't need a massive, ground-up rewrite. The fix on their end is incredibly simple, but it requires their developer to change a few lines of configuration code:

Update the Endpoint: Change the authentication base URL from /o/oauth2/auth to /o/oauth2/v2/auth.

Update the Scopes: Change the requested scopes from the long https://www.googleapis.com/auth/userinfo... strings to just email profile.

Verify the Client Secret: Because it's been down for months, they likely also need to log into the Google Cloud Console and generate a new Client Secret, as their old one may have expired during this downtime.

Since it has been broken for months, it's highly likely that Google automatically flagged or restricted their client_id (listed in your URL) for non-compliance with these platform deprecations. Until they update those endpoints and click "Submit for Verification" in their Google developer dashboard, the login will remain completely unusable.
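
The checks listed in the post above, as an added example (not part of the original post and not TVMaze's code): a small linter that parses an authorization URL and reports the endpoint path, scope form and response_type the analysis looks at. The sample URLs, client_id, redirect_uri and state value are constructed placeholders, and the `state` check is an addition the post does not mention.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Values taken from the post above.
LEGACY_PATH = "/o/oauth2/auth"
CURRENT_PATH = "/o/oauth2/v2/auth"
LEGACY_SCOPE_PREFIX = "https://www.googleapis.com/auth/userinfo."

def lint_auth_url(url):
    """Return a list of (code, message) findings for a Google authorization URL."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)  # decodes %20 and '+' to spaces
    findings = []

    if parts.hostname != "accounts.google.com":
        findings.append(("host", f"unexpected host {parts.hostname!r}"))
    path = parts.path.rstrip("/")
    if path == LEGACY_PATH:
        findings.append(("endpoint", f"{LEGACY_PATH} used; post recommends {CURRENT_PATH}"))
    elif path != CURRENT_PATH:
        findings.append(("endpoint", f"unrecognised path {parts.path!r}"))

    scopes = " ".join(params.get("scope", [])).split()
    for s in scopes:
        if s.startswith(LEGACY_SCOPE_PREFIX):
            findings.append(("scope", f"full-URL scope {s}; short form is "
                                      f"{s[len(LEGACY_SCOPE_PREFIX):]!r}"))

    rtype = params.get("response_type", [""])[0]
    if rtype != "code":
        findings.append(("response_type", f"{rtype!r} is not the authorization code flow"))

    # Added check, not from the post: 'state' binds the callback to the browser session.
    if not params.get("state"):
        findings.append(("state", "no state parameter (CSRF protection on the callback)"))
    return findings

def build_url(path, scope):
    # Constructed sample; client_id, redirect_uri and state are placeholders.
    query = urlencode({"client_id": "EXAMPLE.apps.googleusercontent.com",
                       "redirect_uri": "https://app.example/callback",
                       "response_type": "code", "scope": scope, "state": "af0ifjsldkj"})
    return f"https://accounts.google.com{path}?{query}"

LEGACY_URL = build_url(LEGACY_PATH, LEGACY_SCOPE_PREFIX + "profile " + LEGACY_SCOPE_PREFIX + "email")
UPDATED_URL = build_url(CURRENT_PATH, "openid email profile")

if __name__ == "__main__":
    for code, msg in lint_auth_url(LEGACY_URL):
        print(f"[{code}] {msg}")
```
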


JuanArango wrote 12 days ago: 1

@ChristianPagh wrote:
Gemini says:

This specific URL tells us exactly what is broken under the hood.

By analyzing the parameters TVMaze is sending to Google, we can determine that while their core workflow strategy is actually correct, they are using a deprecated legacy endpoint and a heavily restricted legacy scope.

Here is the exact breakdown of what this URL reveals and why it is failing:

1. The Deprecated Endpoint Path (/o/oauth2/auth)

Look at the very beginning of the URL path:

https://accounts.google.com/o/oauth2/auth?...

The Issue: This is Google’s legacy OAuth 2.0 endpoint v1. Google officially deprecated this specific endpoint path in favor of the newer v2 endpoints (/o/oauth2/v2/auth) and the modern Google Identity Services (GIS) wrapper.

The Result: While Google kept this old endpoint on life support for years for legacy apps, they have been systematically shutting down access to it, especially for apps that haven't updated their developer verification status.

2. Legacy Full URL Scopes (https://www.googleapis.com/auth/...)

Look at the scope parameter in the URL:

scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email

The Issue: TVMaze is requesting profile and email data using the old full-URL legacy scopes. Google explicitly deprecated these specific userinfo URLs years ago.

The Result: The modern standard is to use short-form, open-id scopes (openid email profile). Google announced strict enforcement policies stating that apps still requesting the old full-URL scopes would face authorization blocks unless they migrated to the new format.

3. The "Good" News: The Architecture is Fine (response_type=code)

What they did right: They are using response_type=code. This means they are using the Authorization Code Flow, which is the modern secure standard (unlike the completely banned response_type=token implicit flow).

Summary: What TVMaze needs to do to fix it

Because TVMaze's fundamental architecture is correct (response_type=code), they don't need a massive, ground-up rewrite. The fix on their end is incredibly simple, but it requires their developer to change a few lines of configuration code:

Update the Endpoint: Change the authentication base URL from /o/oauth2/auth to /o/oauth2/v2/auth.

Update the Scopes: Change the requested scopes from the long https://www.googleapis.com/auth/userinfo... strings to just email profile.

Verify the Client Secret: Because it's been down for months, they likely also need to log into the Google Cloud Console and generate a new Client Secret, as their old one may have expired during this downtime.

Since it has been broken for months, it's highly likely that Google automatically flagged or restricted their client_id (listed in your URL) for non-compliance with these platform deprecations. Until they update those endpoints and click "Submit for Verification" in their Google developer dashboard, the login will remain completely unusable.

this is for @david to check

ChristianPagh wrote 12 days ago: 0

Dear TVMaze,

I have one laptop from where I logged on tvmaze.com last. This is now the only way I can be logged in at tvmaze as it re-uses the login session. I'm afraid that it will soon expire and render my account inaccessible. I try to keep the number of my online-account-login credentials at a minimum so as not to have too many of my passwords floating around, therefore the suggested method to bypass Google Sign-in is not an option for me, as it involves accessing my account on TVMaze by creating a password and therefore a new login.

As I might not be able to log in again and therefore unable to post to the forum, I would really appreciate it if you would reply to this thread and keep me and others who have reported the issue with Google Sign-in updated on any progress or maybe say when a check is possible.

As I am a software developer myself, I hereby offer my support. Please contact me if you are interested in my assistance in fixing this issue.

Thank you all for maintaining such a great and convenient website!

kind regards,

//Christian Pagh 



Aidan wrote 12 days ago: 1

For now your best option is to reset your password. Even if you originally signed up using Google, requesting a password reset will allow you to log in normally - as long as you verified your email address after signup. Just visit https://www.tvmaze.com/account/passwordresetrequest (on a device where you are not logged in).

ChristianPagh wrote 12 days ago: 0

But it would also mean my password will exist in tvmaze's database, if I use the reset password option within your system. ;-)


LouisWu wrote 10 days ago: 1

Sorry @ChristianPagh, this is not the answer you're looking for. But the fundamental error in your security thinking is aiming to use a small number of passwords. You should absolutely use a different password for every account you create. Data breaches are happening everywhere on a daily basis. Stealing credentials is becoming increasingly easy with assistance from AI tools and involvement from organized criminal and governmental actors. It is no longer a question of if your data will be compromised soon, but when.


david wrote 9 days ago: 1

To be more specific: what you should do is use a password manager (which will ensure a different password for every account)

On Google, thank you for submitting the analysis. Unfortunately we are experiencing issues with our Google account and we cannot resolve this right now. The option will probably fully disappear in the future, as these external authentication providers are proving themselves way too unstable.

woooxi wrote 9 days ago: 1

Hi Jan and David,

Greetings from Brussels
I see this issue is already known and being looked at, so I won't go into the technical side. I just wanted to share my experience as a user, because I think it's worth hearing.

For several days I was completely locked out of my account. Every attempt to log in via Google resulted in the "Oh Snap! An error occurred" message. Password reset emails weren't arriving either, which made the whole situation feel like a total dead end. I tried multiple browsers, cleared my cache, restarted my router, everything. It took many attempts over several days before a password reset finally went through and I could get back in.

What made it especially frustrating is that there was no way to report it or ask for help without being logged in. The forum requires a login, so users who are locked out are essentially invisible. They just disappear silently, and you'd never know.

A bit of context about who I am: I was on ShareTV from the day it launched in 2007 right up until it closed in 2022. When it shut down and your team welcomed us over, I remember you called us "refugees", which was equal parts accurate and oddly touching. I've been on TVmaze every single day since then.

So when I suddenly couldn't get in, it felt genuinely unsettling, like losing access to something I'd been building up for nearly two decades across two platforms.

I understand these things happen, and I have nothing but respect for what you've built. I just hope this feedback is useful, and I'm glad you're aware of it and working on it.

Keep up the great work.

Radu
