Bringing OpenID and OAuth Together

Thursday, January 29, 2009 at 8:47 AM



We are happy to announce an important enhancement to our recently launched OpenID endpoint. Google now supports the "Hybrid Protocol", combining OpenID federated login with OAuth access authorization. Websites can now ask Google to sign in a user using their Google Account, and at the same time request access to information available via OAuth-enabled APIs such as the Google Data APIs.

For example, the website www.Plaxo.com is an early adopter of the new service and has already released a beta version supporting it for some of its new users. Plaxo's UI provides both a richer sign-in offering, using the Federated Login OpenID API, and a simple and secure way to import their Google Contacts using OAuth. In the past, sign-in required multiple redirects between Plaxo and Google, and more importantly, multiple user approval pages, one for OpenID during sign-in and another for the OAuth access authorization request. No more!

The Hybrid Protocol allows Plaxo to encapsulate their OAuth authorization request inside the OpenID authentication request, letting Google know that the user wants to use both APIs. Google can now display a single approval page for both requests. Here is how the new user experience looks:

On its sign-in page, Plaxo offers its users the option to sign in using their Google Account and import their Gmail Contacts.



The user is then redirected to the Google website and asked to confirm both the sign-in and the access authorization requests.



Finally, the user is redirected back to Plaxo, where she is already signed in and her Google contacts are available. If it's the first time the user has signed in using the Federated Login API, an additional instructive window will be displayed to ensure that the next sign-in experience will be as easy and successful as the first.



Not only does the protocol allow a much better user experience, as shown above, it also reduces the total number of browser redirects and round trips, reducing overall latency.
To learn more about this new API see http://groups.google.com/group/google-federated-login-api/web/oauth-support-in-googles-federated-login-api. To make it easier for you to use the new API, we created a collaborative Open Source project together with other major vendors where you can download open source implementations for your Relying Party component. You are invited to contribute your own code and suggested best practices to this website.

The Hybrid Protocol is a result of the ongoing effort by the OpenID and OAuth communities to make these protocols more useful for users and websites. Google is working together with the OpenID community to standardize the new protocol as a formal OpenID extension. If you want to help further these efforts and have an impact on what the next advancements are, you are welcome to join the OpenID and OAuth mailing lists.

If you're interested in looking at some code, check out our working sample using the Google Data PHP client library. The source code is available here.
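
As an added illustration (not Google's sample and not code from the open source project mentioned above), this Python sketch shows a Relying Party embedding the OAuth request in the OpenID request and then accepting the approved request token only when the response's `openid.signed` list covers it. Parameter names follow the draft OpenID OAuth Extension; the endpoint, realm, consumer key, scope and token are constructed values, and the space-separated scope encoding is an assumption.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
OAUTH_EXT_NS = "http://specs.openid.net/extensions/oauth/1.0"
IDENTIFIER_SELECT = OPENID_NS + "/identifier_select"

def build_hybrid_request(op_endpoint, realm, return_to, consumer_key, scopes):
    """One OpenID request that also carries the OAuth authorization request."""
    return op_endpoint + "?" + urlencode({
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.realm": realm,
        "openid.return_to": return_to,
        "openid.ns.oauth": OAUTH_EXT_NS,          # declares the extension
        "openid.oauth.consumer": consumer_key,    # RP's OAuth consumer key
        "openid.oauth.scope": " ".join(scopes),   # assumption: space-separated
    })

def extract_request_token(response_url):
    """Return the approved request token, or None if none was granted.
    Assumes an OpenID library has already verified the assertion signature."""
    pairs = parse_qsl(urlsplit(response_url).query)
    p = dict(pairs)
    if len(p) != len(pairs):
        raise ValueError("duplicate parameter in response")
    if p.get("openid.mode") != "id_res":
        return None                               # cancelled or failed login
    # The provider picks the alias, so locate the extension by namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in p.items()
                  if k.startswith("openid.ns.") and v == OAUTH_EXT_NS), None)
    token = p.get(f"openid.{alias}.request_token") if alias else None
    if token is None:
        return None                               # signed in, no OAuth grant
    signed = set(p.get("openid.signed", "").split(","))
    if not {f"ns.{alias}", f"{alias}.request_token"} <= signed:
        raise ValueError("request token is not covered by openid.signed")
    return token

if __name__ == "__main__":
    # Constructed values: hypothetical relying party and provider endpoint.
    print(build_hybrid_request("https://op.example/auth", "https://rp.example/",
                               "https://rp.example/return", "rp.example",
                               ["https://op.example/feeds/contacts/"]))
    reply = "https://rp.example/return?" + urlencode({
        "openid.mode": "id_res", "openid.ns.ext2": OAUTH_EXT_NS,
        "openid.ext2.request_token": "constructed-token",
        "openid.signed": "return_to,ns.ext2,ext2.request_token"})
    print(extract_request_token(reply))
```

A token that passes this check is an already approved request token; the Relying Party still exchanges it for an access token over its own OAuth-signed request.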

13 comments:

bear said...

The Google group link points to a page that is giving me this error:

You have to be a manager of this group to view this page.

FYI

AllenTomDude said...

Awesome work! I'm sure we'll see more widespread support for OpenID/OAuth and the Open Stack soon!

IDisposable said...

Still waiting for you to let me associate my ALREADY SETUP WHILE YOU WERE DRAGGING YOUR FEET OpenID as a login to the Google properties.

But of course, you're never going to let me do that, because you really don't care about OpenID.

Kike said...

What about OAuth in combination with Google's own product Friend Connect? Doesn't it make more sense to integrate with your own products than with 3rd parties?

Khürt said...

This is truly exciting work. Federated ID is something my employer has been recently looking at to integrate our enterprise applications with our business partners.

Chris said...

The biggest question that I have is where the heck do you get an API key at? I have been looking around everywhere on google and I cannot seem to find this!! Is there a specific API key that I need to apply for, for each of the google services or is there one key that rules them all?

I found what appears to be where you apply for the youtube API but I cannot find anything else on this. I found this on a cached version of a website as well. So I am wondering why is this being hidden from developers? The documentation is easy to find but not where you apply for the apis.

http://code.google.com/apis/youtube/dashboard/productSignup

api.rboyd said...

@Chris

Many of the Google APIs do not require a developer key. What API are you trying to work with?

YouTube does have the concept of a developer key, and you can get one from the site you mentioned. It's not hidden though-- it's in the left nav of the documentation (look for 'Developer Keys'):
http://code.google.com/apis/youtube/2.0/developers_guide_protocol_audience.html

If you're just trying to get an OAuth key/secret, please visit:
https://www.google.com/accounts/ManageDomains

OAuth keys/secrets/etc are only required for OAuth-authenticated access to services, and not for unauthenticated access or standard AuthSub.

Note: OAuth only works with YouTube when the end-user has linked their YouTube account with a Google account and uses that to sign in.

(I know the word 'key' is overloaded in too many ways-- and that might be leading to a bit of confusion. Sorry about that.)

Chris said...

Thanks for the quick response! That solved the problem I was having. Thank you so much.

shontu said...

what the heck!!!!!!
I've also been looking for the key to use the Google Web APIs service.
I've wandered all over the site.
I want to enable search on my site using google tag library...
I got Data API -- but not getting for the search and one more thing .... I don't want to use ajax web api... I don't want that....


please somebody guide me what to do??? I'm utterly stuck here..

Emre said...

chat