Login/Register
Delegate OpenID to Google (NOT Google Apps)
Asked Answered
Solved openidgoogle-oauthdelegation
T

3

85

Is it possible to use my personal website/blog to login to sites that use openid, and delegating to my Google account?

OK, I searched this question on SO but no good answer. After spent some time I figured out how to do it. I'm going to answer this myself as a way to share it.

Tocci answered 29/3, 2010 at 21:51 Comment(4)
Add a response to your own questions an mark as correct, that way everyone will see what was the answer in a more persistent mannerAddison
Thanks Oskar for the tip! However I cannot mark the answer as correct right now. It says I have to wait until tomorrow.Tocci
I've moved the answer out of the question and into your answer, hope you don't mind but it's how SO is generally used.Quant
I wish that the question hadn't been modified because now I don't understand the answer.Maquette
D
98

Now it is possible delegate OpenID to your Google account (not Google Apps).

No, this is not using the demo OpenID provider using App Engine. This is your REAL Google account!

First you need to enable your Google Profiles. Try to view your profile and edit it, there should be an option to set your Profile URL. You have two choices there: either use your Gmail account name (without the @gmail.com part) as your profile id, or a random number assigned to you. It's up to you to decide which one to use. Either way, that id is your profile id below.

Now add the following HTML code to your delegating page: 

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" /> 
<link rel="openid2.local_id" href="https://profiles.google.com/[YOUR PROFILE ID]" />

And it's done. Now try login SO with your custom url!

Degroot answered 29/3, 2010 at 21:51 Comment(14)
What does the local_id line do? What if I wanted to enable multiple OpenIDs on my own domain name? These <link> tags have to go only on a single URL that I use as my OpenID, right?Maquette
I assume you would need to add multiple <link rel="openid2.local_id" ...> tag to your page if you want to use multiple OpenID. Haven't tried myself, but I think it's the right direction.Tocci
Is it possible to have google host delegating page for me like MyOpenID does?Corny
Since google is all plusified now, the profiles.google.com url is no longer what you get when you go to "my profile" however, if your profile is plus.google.com/107217643432815688625/posts then profiles.google.com/107217643432815688625 still seems to work as your openid2.local_idArizona
FWIW, I am getting the following error using this method: Error: invalid_request - OpenID auth request includes invalid delegation. This does not happen constantly though - sometimes it is still working. The site with the delegate is daniel.hahler.deKieger
Currently with G+, you need to put: <link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud" /> <link rel="openid2.local_id" href="https://plus.google.com/GPLUSID" />Sabian
So if I use my own domain (fred.com) to log in to sites, and delegate to someplace else (google.com). Is there any cookie or key coming from google.com that is persisted on 3rd party sites? In other words, if the 3rd party site "remembers" my auth in some way, will I need to reauthenticate if I change my delegate to openid.com? In more general terms, what are the implications of changing who I delegate to? (Other than I might have assigned them a different password?)Ianteen
Just mentioning that the http://profiles.google.com/[MY_PROFILE_ID] seems to work just fine, even now after all the plusification, at least when the MY_PROFILE_ID is a custom value I've defined myself at some point.Orpington
@ChrisQuenelle According to my experience, when you change your delegate the only thing that happens is that you are directed to the new site for authentication. The first site still knows your identity as the whatever site you're delegating from. So it's very effortless to switch your authentication provider.Orpington
@Ilari is quite correct; this is, in fact, the stated purpose of delegation, to insulate the user from changes to the underlying provider in order to make switching providers completely transparent to the sites which are authenticating you.Mantra
It is a beautiful thing. I just went through this. I had my OpenID delegated from my personal website to MyOpenID years, but they'll be shutting down in the near future. In preparation for that, I changed my delegation to Google and it "just works". :)Amanuensis
Note: You do not need to enable "Profiles" or "Plusify" your account; a simple Google account is all you need.Mantra
I've tried the above, using Stack Overflow in an anonymous browser as my test; but once I've logged in over at Google, I'm redirected back to SO, to see the message "Confirm your new account... You are about to create a new account on Stack Overflow using a login from Google (*****@gmail.com). That can't be right.Statuary
@Sebi, I tried your link elements, but it used my Google identity as my claimed identity, rather than my delegating URL*. Also, it asked me which account of my currently two logged in accounts I wanted to use, so apparently plus.google.com is not the correct hostname to use. I used profiles.google.com with my gmail name instead, and it worked as expected. I have not checked how to use profiles.google.com with a Plus identity. *SuperUser asked to create a new account for [email protected] rather than logging into my existing account based on the OpenID URL I gave it.Catwalk
M
8

Despite what the accepted answer says, you do not need to join Google+ to use Google as a delegate since you already have a local ID, being the part of your email preceding the @.

Given an existing Google account of [email protected], you simply need the following two links in your delegate page head section:

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud">
<link rel="openid2.local_id" href="https://profiles.google.com/some-name">

I just did this and have verified it works without having joined Google+.

Mantra answered 3/10, 2013 at 18:8 Comment(0)
N
5

OpenID 2.0 for Google Accounts has gone away https://support.google.com/accounts/answer/6206245

Nb answered 29/3, 2010 at 21:51 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.