Home

Previous Entry | Next Entry

Use Your Google Account as an OpenID via App Engine

  • Apr. 8th, 2008 at 9:55 AM
drunk, _schools491, Commercial, Drawing Lesson, q/a, Rafting, Go-Carts, warm smile, sunny, chicken, thug, FDLFUBlogger, grissom, lava lamp, dumb, mosaic killer, Sun in Belize, Alex's avatar, golden gate, Nuke, retro, FireFox X-mas, power failure, Smile, Car Rally Fun, Fish, Beach Smile, workin', Take Back the Web!, santa, Milton, fire smile, Quincy, drama, Short Hair, schools, _schools2285, scuba
When Google launched App Engine last night at Campfire One (more on Radar), I was thinking about building an app that bridged Google Accounts to OpenID. Simon Willison did this around a year ago for Yahoo! accounts using their BBAuth protocol.

The reason this would be so easy is that App Engine includes a Users API for Google Accounts authentication. This makes it really easy to authenticate a Google Account in any App Engine app. (Of course you can also use OpenID via the Python libraries.) Thus writing the glue between an OpenID Provider and a Google Account wouldn't actually be that hard. The end result would be that every Google Account also become an OpenID.

Turns out I was already beat to the punch: http://openid-provider.appspot.com/. Ryan Barrett, who is a member of the App Engine team, wrote the app along and writes more about it on his blog.

This now means that every AOL, Google, and Yahoo! account is also an OpenID! Obviously this OpenID Provider is probably more of a proof of concept than anything else, but it still is great to see.

Tags:

Comments

( Leave a comment )
[info]singpolyma.net wrote:
Apr. 8th, 2008 05:20 pm (UTC)
b0rken
The page will not load for me
| Reply | Thread
[info]http://openid.aol.com/ljshepard wrote:
Apr. 8th, 2008 06:18 pm (UTC)
Not the same as in-house support...
You're right; technically it's feasible, but just as with the Facebook OpenID apps, it won't get any adoption until it's integrated with Google natively, and users don't have to remember a separate URL. Although I suppose a website could ask you for your gmail account, and then construct the url for openid-provider.appspot.com, and make it look like it was natively supported ...

Er, I just tried to log in here with that app and got a redirect error. A few kinks still to work out :)
| Reply | Thread
[info]daveman692 wrote:
Apr. 8th, 2008 06:20 pm (UTC)
Re: Not the same as in-house support...
Completely agreed, but an interesting proof of concept of the sort of stuff that App Engine now enables.
| Reply | Parent | Thread
[info]mart wrote:
Apr. 8th, 2008 07:04 pm (UTC)

Sadly, this shares the same limitation that my old prototype LID proxy and idproxy.net both had: the URLs are "wrong".

Now that Yahoo! supports OpenID, the existing users of idproxy.net must now choose whether to switch to the official provider and effectively become a new identity, or continue using idproxy.net.

These proxy things are useful for a time, but history suggests (ho ho!) that any authentication service for which an OpenID proxy is created will ultimately get OpenID support itself. It certainly worked out that way for LID and Yahoo! ;)

| Reply | Thread
[info]trs80 [typekey.com] wrote:
Apr. 9th, 2008 10:24 am (UTC)
This is just symptomatic of a deeper problem with OpenID - you can't change your URI with most RPs without creating a new identity. E.g. I'm stuck with my typekey account because LJ has a 1:1 mapping between OpenID URIs and external identity accounts. Sure this can be avoided by using a link rel="openid.server" on your preferred domain, but you have to do this a priori, not use your other OpenID URIs directly and you're still stuck if your preferred domain changes.

Dave, you stayed with SixApart when LJ split off, didn't you? LJ's OpenID support has gone nowhere for years and still treats them as anonymous in most cases, despite me writing a patch to fix this 10 months ago.
| Reply | Parent | Thread
[info]earle wrote:
Apr. 16th, 2008 11:27 am (UTC)
Yes, nothing seems to have happened. I'm still hoping to get some official response to this, but it's not looking promising.
| Reply | Parent | Thread
[info]markszpakowski.myopenid.com wrote:
Apr. 9th, 2008 02:47 pm (UTC)
Google not yet an OpenID provider - appspot.com is
openid-provider.appspot.com is just using Google to allow a user to authenticate to it, but it's appspot.com itself that is the user's OpenID provider, not Google - which is a huge difference experience-wise for the user, and probably for the relying party (which may well ask who is appspot.com?).

Anyway, let's see if using an appspot openid works to post this comment... NOPE! (error: can't find openid-provider.appspot.com/login).

Switching to using my iName. NOPE! again, you don't seem to support iNames...

Switching to using my myopenid url-based OpenID...
| Reply | Thread
[info]rafe.myopenid.com wrote:
Apr. 9th, 2008 05:53 pm (UTC)
Should we trust Google?
I'm trying to figure out if it's good or not that Google will eventually serve as an OpenID authenticator. For users, I mean. And doesn't this give Google a lot of power over apps that authenticate to their servers?

Although, to be fair, I publicly wished for exactly this last year: http://www.webware.com/8301-1_109-9807059-2.html.

| Reply | Thread
( Leave a comment )