Friday, October 31, 2008

Federated Login For Google Account Users

Posted by Yariv Adan, Google Security Team

Many of the developers who use the Google Data APIs have asked for a way to remove the need for a login system on their site. Today we announced that we are allowing websites to join a limited test of an API that will allow single sign-on for Google Account users who visit your websites. The initial version of the API will enable websites to validate the identity of a Google Account user, including the optional ability to request the user's e-mail address. Here are screenshots of the example flow that a user might see if he or she starts at a website that uses this new feature.

The user would open the homepage of a website that uses the Google Data APIs (KidMallPics, in this example), and instead of having to fill out a login box or account creation form, he or she would simply click the Google button.


The user would then be taken to the Google website, where they would confirm they want to sign in to KidMallPics.


Finally, the user would be sent back to the KidMallPics site, where he or she would be signed in. If the user had previously signed into KidMallPics and authorized them to access the user's photo account at Google, then the user could now perform actions on the KidMallPics website such as having his or her mall photos transferred to Google using the Google Data protocol.


This new API is already being used by http://www.buxfer.com/ and http://www.plaxo.com/. Shashank Pandit at Buxfer says that "We now offer all our users the ability to login to Buxfer using their Google Account to avoid the need to create yet another login and password." Joseph Smarr, Chief Platform Architect at Plaxo, says, "It's great to see Google become an Open ID provider in addition to supporting OAuth, which we already use. We are thrilled to be among the first sites to allow users to login with their Google Accounts. This is going to be great for users, Plaxo and the web."

We chose OpenID as the protocol for our identity provider because it makes a large set of open source implementations available for many different development platforms used by Google Data API developers. To learn more about this new API see http://code.google.com/apis/accounts/docs/OpenID.html. To request access to the limited trial, please visit our Google Federated Login discussion group and register using the online registration form.

Google is also working with the open source community on ways to combine the OAuth and OpenID protocols so a website can not only request the user's identity and e-mail address, but can at the same time request access to information available via OAuth-enabled APIs such as Google Data APIs as well as standard data formats such as Portable Contacts and OpenSocial REST APIs. In the future, this should allow a website to immediately provide a much more streamlined, personalized and socially relevant experience for users when they log in to trusted websites.

Link - from Official Google Data APIs Blog