Delegating OpenID to Your Google Account

February 26th, 2010

OpenIDEarlier this morning I made a complaint on Twitter concerning how OpenID URLs are typically long and hard to remember – I was specifically referring to Google’s OpenID URLs. Sure, there are other providers available, and to be perfectly honest I have accounts with some of the more popular (WordPress, Yahoo, etc.), but my Google account is the one provider that gets used on a daily basis.

Chris Harrison brought me back on track telling me I should just use my own domain as my OpenID provider. Honestly, this required more effort than I wanted to exert but I started looking around for simpler solutions. As it turns out, there are two meta tags you can add to the header of your site (openid.server and openid.delegate) that will essentially “forward” any OpenID requests to your OpenID provider. This would allow me to make a quick change on my domain, not worry about maintaining the software that actually serves as the provider, yet still reap all the benefits.

Unfortunately, Google doesn’t support the openid.delegate meta tag…

Fortunately, one of Google’s very own App Engine demos does serve as an OpenID provider and allows you to delegate to their server. App Engine also allows developers to easily include authentication in their application by simply using the user’s Google Account – which is exactly what this demo application does. The end result: I authenticate with my Google Account to this App Engine demo and it serves up OpenID authentication on my domain’s behalf.

Check out the OpenID Provider demo and login to your account. After you’ve logged in the application will tell you what your OpenID URL is, which you could use on sites like StackOverflow to authenticate. If, on the other hand, you want to use your own domain as your OpenID URL, take this information, edit the HTML meta tags below, and toss them into the header of your very own website:

Edit: As Eric Harrison and Carsten Pötter mention within the comments, Google now supports OpenID on your individual profile pages. Check out John Panzer’s tutorial.

Filed in Web Standards
3 Comments »

3 Responses to “Delegating OpenID to Your Google Account”

  1. Eric Ryan Harrison Says:
    February 26th, 2010 at 10:44 am

    As I mentioned on Twitter, you can now also use your actual Google profile page (http://www.google.com/profiles/blister) as an OpenID provider.

    Easier to remember than their crazy /open/o2/od/o8/iln32d/iloveyou/23420323 or whatever crazy URL they were using before.

  2. Carsten Pötter Says:
    February 27th, 2010 at 5:05 am

    I think the provider demo at appspot will be discontinued. Though if you still want to use michaelwales.com as your OpenID and Google as your provider you can add the following meta tags to your header:

    Carsten

  3. Carsten Pötter Says:
    February 27th, 2010 at 5:09 am

    Oh, the code in my previous comment was lost. Well, simply have a look at John Panzer’s blog where he explains what to add to the header section:

    http://www.abstractioneer.org/2009/12/openid-delegation-for-googles-op.html

Leave a Reply