The New Google Earth 6.2

We’re taking bird’s eye view to a whole new level with the latest version of Google Earth, released today. With Google Earth 6.2, we’re bringing you the most beautiful Google Earth yet, with more seamless imagery and a new search interface. Additionally, we’ve introduced a feature that enables you to share an image from within Google Earth, so you can now simply and easily share your virtual adventures with family and friends on Google+.


A seamless globe

The Google Earth globe is made from a mosaic of satellite and aerial photographs taken on different dates and under different lighting and weather conditions. Because of this variance, views of the Earth from high altitude can sometimes appear patchy.

Today, we’re introducing a new way of rendering imagery that smoothes out this quilt of images. The end result is a beautiful new Earth-viewing experience that preserves the unique textures of the world’s most defining geographic landscapes—without the quilt effect. This change is being made on both mobile and desktop versions of Google Earth. While this change will appear on all versions of Google Earth, the 6.2 release provides the best viewing experience for this new data.

Grand Canyon before and after

Sri Lanka before and after

Share your explorations with Google+

Google Earth is a great way to virtually explore the globe, whether revisiting old haunts or checking out a future vacation spot. With the Google Earth 6.2 update, we’ve added the option to share a screenshot of your current view in Google Earth through Google+. If you’ve already upgraded to Google+, you can share images of the places you’ve virtually traveled to with your Circles, such as family, friends or your local hiking club. To try this new feature, simply sign in to your Google Account in the upper right hand corner of Google Earth and click “Share.” Images of mountains, oceans, deserts, 3D cities, your favorite pizza shop on Street View—you can now experience all these amazing places around the world with people on Google+.


Search improvements

We’ve also made some updates to the search feature in Google Earth. Aside from streamlining the visual design of the search panel, we’ve enabled the same Autocomplete feature that’s available on Google Maps. We’ve also introduced search layers, which will show all the relevant search results (not just the top ten), so now, when looking for gelato in Milano, you can see all the tasty possibilities. Finally, we’ve added biking, transit and walking directions, so if you’re itching for a change of scenery or looking for a new route for your regular commute, you can now use Google Earth to generate and visualize all your options.

via: Google Lat Long blog

The Changes to OAuth 2.0 endpoint

 

In the coming weeks we will be making three changes to the experimental OAuth 2.0 endpoint. We expect the impact to be minimal, and we’re emailing developers who are most likely to be affected.

We will be releasing these changes on November 15, 2011. This post describes the changes, their impact, and how they can be mitigated.

Change #1: Error responses for client-side web applications

The first change relates to the way errors are returned in OAuth 2.0 client-side web applications. It does not impact server-side, native, or device flows.

The current behavior of the OAuth 2.0 endpoint in certain error conditions is to return the error to the application as a query string parameter, for example:

https://www.example.com/back?error=access_denied.

The OAuth 2.0 specification indicates that the error should be returned in the fragment of the response. We are updating our OAuth 2.0 implementation to support the most recent draft of the specification. As a result, we will be changing the way we return errors to applications in the client-side flow.

As an example, today an error returns to your application as

https://www.example.com/back?error=access_denied. After this change, it will be returned as

https://www.example.com/back#error=access_denied.

There is no mitigation for this change, so your application will have to handle these types of errors in client-side script.

Change #2: Offline access as a separate parameter

The second change impacts the OAuth 2.0 server-side flow only. It does not impact client-side, native, or device flows. For context, this flow consists of the following steps:

  1. Redirect the browser to the Google OAuth 2.0 endpoint.
  2. The user will be shown a consent page.
  3. If the user consents, parse the authorization code from the query string of the response.
  4. Exchange the authorization code for a short-lived access token and a long-lived refresh token.

Once your application has obtained a long-lived refresh token (step 4), it may access a Google API at any time. This means server-side applications do not require the end-user to be present when obtaining new access tokens. We’re calling this type of access offline.

The client-side flow, in contrast, requires the user to be present when obtaining an access token. This type of access is called online.

With this change, we will be exposing online and offline access as a separate parameter that’s available only in the server-side flow.

When your application requests offline access, the consent page shown to a user will reflect that your application requests offline access and your application will receive an access and a refresh token. Once your application has a refresh token, it may obtain a new access token at any time.

When your application requests online access, your application will only receive an access token. No refresh token will be returned. This means that a user must be present in order for your application to obtain a new access token.

If unspecified in the request, online is the default.

A mitigation for this change is described at the end of this post.

Change #3: Server-side auto-approval

This change also impacts the OAuth 2.0 server-side flow only.

In the current implementation of OAuth2, every time your application redirects a user to Google, that user must give explicit consent before an authorization code is given to your application. As a result, sending a user through the flow another time requires them to see the consent screen again. Most applications don’t do this, but rather use the existing server-side flow as it was intended: a one-time association (import contacts, calendar operations, etc.) where the result is a refresh token which may be used to obtain new access tokens.

The behavior is changing to the following:

  • Users will only see the consent screen on their first time through the sequence.
  • If the application requests offline access, only the first authorization code exchange results in a refresh token.

To put it another way, consent will be auto-approved for returning users unless the user has revoked access. Refresh tokens are not returned for responses that were auto-approved.

The next section describes how to mitigate this change.

Mitigation of offline access (#2) and auto-approval (#3) changes

If you want to keep the existing behavior in your server-side applications, include the approval_prompt=force and access_type=offline parameters in an authorization code request.

For example, if the following is a target URL for obtaining an authorization code today:

https://accounts.google.com/o/oauth2/auth?
client_id=21302922996.apps.googleusercontent.com&
redirect_uri=https://www.example.com/back&
scope=https://www.google.com/m8/feeds/&
response_type=code

You can maintain the current behavior by changing the target URL to:

https://accounts.google.com/o/oauth2/auth?
client_id=21302922996.apps.googleusercontent.com&
redirect_uri=https://www.example.com/back&
scope=https://www.google.com/m8/feeds/&
response_type=code&
access_type=offline&
approval_prompt=force

You may start including these parameters in authorization code requests today.