How do you delegate your OpenId to Google Apps

StackOverflow https://stackoverflow.com/questions/436829

  •  22-07-2019
  •  | 
  •  

Question

I use Google Apps for my domain email, and I was wondering if I could use that account for OpenID instead of the regular Gmail account.

I know I can delegate Openid to some other URL using this:

<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://samruby.myopenid.com/" />

But I can't find the appropriate URLs for Google.

Thanks

-Mathieu

Was it helpful?

Solution

Google recently (an hour or so ago) announced OpenID support for Google Apps customers.

Check out the discovery protocol on Google Groups. Should be a good start.

I believe the endpoint is ht tps://www.google.com/accounts/o8/site-xrds?hd=your-domain.com

OTHER TIPS

You can run your own openid server in your Google Apps domain (using GAE) - Google provides sample code of openid server. I've recently ported this to latest OpenID library, so now it is Openid 2.0 compatible. Project page: http://code.google.com/p/appengine-openid-provider/

For OpenId2 I currently have this on my site

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud" />

as it is the only one required. Since I am logged in to Google Apps now as my default google account. OpenID consumers (Stack Exchange Sites mostly at this point) use that account (I get a message from google asking if the site can use that google account.

This doesn't FORCE the google apps account the way it would if you used a non-google apps account with (in addition to the provider above)

<link rel="openid2.local_id" href="http://www.google.com/profiles/YOURGOOGLEPROFILE" />

But it does allow me to use my google apps account because it is the one I am currently logged in with.

My understanding is that Google is not exposing that server url, and as such makes this technique inoperable for a Google OpenID.

They say they will in the future but doesn't give any clue to when the future will be here. See this thread in Google groups http://groups.google.com/group/google-federated-login-api/browse_thread/thread/19b33847210e5708

It's not possible.

Note: OpenID authentication is currently supported for Google accounts only, not Google Apps (hosted) accounts

© http://code.google.com/apis/accounts/docs/OpenID.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top