Federated Login For Google Account Users
October 28th, 2008 | Published in Google Code
*Due to the strong interest from our developer community and the high registration rate, we decided to make it easier for websites to experience the new API and removed the registration requirement. For more information see the OpenID post on the Google Code blog.
Many of the developers who use the Google Data APIs have asked for a way to remove the need for a login system on their site. Today we announced that we are allowing websites to test an API that will permit single sign-on for Google Account users who visit your websites. The initial version of the API will enable websites to validate the identity of a Google Account user including the optional ability to request the user's e-mail address. Here are screenshots of the example flow that a user might see if he or she starts at a website that uses this new feature.
The user would open the homepage of a website that uses the Google Data APIs (KidMallPics, in this example), and instead of having to fill out a login box or account creation form, he or she would simply click the Google button.
The user would then be taken to the Google website, where they would confirm they want to sign in to KidMallPics.
Finally, the user would be sent back to the KidMallPics site, where he or she would be signed in. If the user had previously signed into KidMallPics and authorized them to access the user's photo account at Google, then the user could now perform actions on the KidMallPics website such as having his or her mall photos transferred to Google using the Google Data protocol.
This new API is already being used by www.buxfer.com and www.plaxo.com. Shashank Pandit at Buxfer says that "We now offer all our users the ability to login to Buxfer using their Google Account to avoid the need to create yet another login and password." Joseph Smarr, Chief Platform Architect at Plaxo says, "It's great to see Google become an Open ID provider in addition to supporting OAuth, which we already use. We are thrilled to be among the first sites to allow users to login with their Google Accounts. This is going to be great for users, Plaxo and the web."
We chose OpenID as the protocol for our identity provider because it makes a large set of open source implementations available for many different development platforms used by Google Data API developers. To learn more about this new API see http://code.google.com/apis/accounts/docs/OpenID.html.
Google is also working with the open source community on ways to combine the OAuth and OpenID protocol so a website can not only request the user's identity and e-mail address, but can at the same time request access to information available via OAuth-enabled APIs such as Google Data APIs as well as standard data formats such as Portable Contacts and OpenSocial REST APIs. In the future, this should allow a website to immediately provide a much more streamlined, personalized and socially relevant experience for users when they log in to trusted websites.
Updated 10/30/2008 to reflect changes to registration process