Google Combines OpenID and OAuth in new Hybrid Protocol

Andres Ferrate, January 30th, 2009
Comments(6)

Google is making it even easier for developers wishing to implement OpenID with the OAuth. Google has announced that developers can now utilize a “Hybrid Protocol” that combines the OpenID federated login with the OAuth authorization process. The new OpenID OAuth extension makes it easier for developers to implement OAuth through initial authentication using OpenID. According to Yariv Adan on the Google Data APIs Blog:

We are happy to announce an important enhancement to our recently launched OpenID endpoint. Google now supports the “Hybrid Protocol“, combining OpenID federated login together with OAuth access authorization. Websites can now ask Google to sign-in a user using their Google Account, and at the same time request access to information available via OAuth-enabled APIs such as the Google Data APIs.

For example, the website www.Plaxo.com is an early adopter of the new service and has already released a beta version supporting it for some of its new users. Plaxo’s UI provides both a richer sign-in offering, using the Federated Login OpenID API, and a simple and secure way to import their Google Contacts using OAuth. In the past, sign-in required multiple redirects between Plaxo and Google, and more importantly, multiple user approval pages, one for OpenID during sign-in and another for the OAuth access authorization request. No more!

Plaxo OpenID

We encourage you to check out the Plaxo OpenID-based sign-in to get an idea of how the new protocol has been implemented. Google has provided plenty of documentation and examples with this latest release, including a draft specification of the OpenID OAuth Extension, a sample implementation of the new protocol, a Google Groups page dedicated to the topic, and a Google Code project page (complete with source).

Hybrid Example

ReadWriteWeb, Plaxo, VentureBeat, and TechCrunch all have additional coverage on the news.

6 Responses to “Google Combines OpenID and OAuth in new Hybrid Protocol”

January 30th, 2009 at 12:39 pm

Comment by: Google lance son offre concurrente à Facebook Connect | FredCavazza.net

[...] Face à une telle révolution (quel confort pour l’utilisateur), la réponse de Google ne s’est pas fait attendre. Et fidèle à sa réputation, Google nous propose une solution à la pointe du raffinement technologique avec un protocole hybride qui repose à la fois sur OpenID et sur OAuth (respectivement pour l’authentification côté utilisateur ou pour l’authentification sécurisée côté API) : Google Combines OpenID and OAuth in new Hybrid Protocol. [...]

January 30th, 2009 at 3:29 pm

Comment by: Google Likes OAuth and 15 Resources to Get Started! - WebServiceable

[...] caught wind of OAuth through Yariv Adan on the Google Data APIs Blog via the almighty ProgrammableWeb, and I’m excited to see what happens [...]

February 2nd, 2009 at 3:14 am

Comment by: Enlaces del 02-02-09 | evelio.info

[...] Google Combines OpenID and OAuth in new Hybrid Protocol [...]

April 21st, 2009 at 3:58 am

Comment by: Ideal » Archive du blog » Google lance son offre concurrente à Facebook Connect

May 14th, 2009 at 7:57 pm

Comment by: Google Enhances OpenID API and User Experience

[...] new features available for its OpenID API. As some of our readers may remember, earlier this year Google released a “Hybrid Protocol” API that combines an OpenID federated login with OAuth access authorization. The API has been enhanced [...]

July 25th, 2009 at 5:39 am

Comment by: atlantica power leveling

The new OpenID OAuth extension makes it easier for developers to implement OAuth through initial authentication using OpenID.The new MMORPG of atlantica power leveling is hot now, we are providing the cheap atlantica power leveling service for you.