Google Combines OpenID and OAuth in new Hybrid Protocol

Andres Ferrate
Jan. 30 2009, 04:21AM EST

Google is making it even easier for developers wishing to implement OpenID with the OAuth. Google has announced that developers can now utilize a "Hybrid Protocol" that combines the OpenID federated login with the OAuth authorization process. The new OpenID OAuth extension makes it easier for developers to implement OAuth through initial authentication using OpenID. According to Yariv Adan on the Google Data APIs Blog:

We are happy to announce an important enhancement to our recently launched OpenID endpoint. Google now supports the "Hybrid Protocol", combining OpenID federated login together with OAuth access authorization. Websites can now ask Google to sign-in a user using their Google Account, and at the same time request access to information available via OAuth-enabled APIs such as the Google Data APIs.

For example, the website www.Plaxo.com is an early adopter of the new service and has already released a beta version supporting it for some of its new users. Plaxo's UI provides both a richer sign-in offering, using the Federated Login OpenID API, and a simple and secure way to import their Google Contacts using OAuth. In the past, sign-in required multiple redirects between Plaxo and Google, and more importantly, multiple user approval pages, one for OpenID during sign-in and another for the OAuth access authorization request. No more!

Plaxo OpenID

We encourage you to check out the Plaxo OpenID-based sign-in to get an idea of how the new protocol has been implemented. Google has provided plenty of documentation and examples with this latest release, including a draft specification of the OpenID OAuth Extension, a sample implementation of the new protocol, a Google Groups page dedicated to the topic, and a Google Code project page (complete with source).

Hybrid Example

ReadWriteWeb, Plaxo, VentureBeat, and TechCrunch all have additional coverage on the news.

Andres Ferrate

Comments

Comments(10)

[...] Face à une telle révolution (quel confort pour l’utilisateur), la réponse de Google ne s’est pas fait attendre. Et fidèle à sa réputation, Google nous propose une solution à la pointe du raffinement technologique avec un protocole hybride qui repose à la fois sur OpenID et sur OAuth (respectivement pour l’authentification côté utilisateur ou pour l’authentification sécurisée côté API) : Google Combines OpenID and OAuth in new Hybrid Protocol. [...]

[...] Face à une telle révolution (quel confort pour l’utilisateur), la réponse de Google ne s’est pas fait attendre. Et fidèle à sa réputation, Google nous propose une solution à la pointe du raffinement technologique avec un protocole hybride qui repose à la fois sur OpenID et sur OAuth (respectivement pour l’authentification côté utilisateur ou pour l’authentification sécurisée côté API) : Google Combines OpenID and OAuth in new Hybrid Protocol. [...]

[...] new features available for its OpenID API. As some of our readers may remember, earlier this year Google released a “Hybrid Protocol” API that combines an OpenID federated login with OAuth access authorization. The API has been enhanced [...]

Hi! I know this is kinda off topic however , I'd figured I'd ask. Would you be interested in trading links or maybe guest authoring a blog post or vice-versa? My site covers a lot of the same topics as yours and I feel we could greatly benefit from each other. If you are interested feel free to shoot me an email. I look forward to hearing from you! Great blog by the way! <a href="http://hauskreditrechner.info" rel="nofollow">Haus Kreditrechner</a>

The Zune concentrates on being <a href="http://www.bootsoutlet-sales.com/" rel="nofollow">Ugg Boots Sale</a> a Portable Media Player. Not a web browser. Not a game machine. Maybe in the future it'll do even better in those areas, but for now it's a fantastic way to organize and listen to your music and videos, and is without peer in that regard. The iPod's strengths are its web browsing and apps. If those sound more compelling, perhaps <a href="http://www.bootsale-outlet.com" rel="nofollow">ugg boots outlet</a> it is your best choice.