Google is making it even easier for developers wishing to implement OpenID with the OAuth. Google has announced that developers can now utilize a “Hybrid Protocol” that combines the OpenID federated login with the OAuth authorization process. The new OpenID OAuth extension makes it easier for developers to implement OAuth through initial authentication using OpenID. According to Yariv Adan on the Google Data APIs Blog:
We are happy to announce an important enhancement to our recently launched OpenID endpoint. Google now supports the “Hybrid Protocol“, combining OpenID federated login together with OAuth access authorization. Websites can now ask Google to sign-in a user using their Google Account, and at the same time request access to information available via OAuth-enabled APIs such as the Google Data APIs.
For example, the website www.Plaxo.com is an early adopter of the new service and has already released a beta version supporting it for some of its new users. Plaxo’s UI provides both a richer sign-in offering, using the Federated Login OpenID API, and a simple and secure way to import their Google Contacts using OAuth. In the past, sign-in required multiple redirects between Plaxo and Google, and more importantly, multiple user approval pages, one for OpenID during sign-in and another for the OAuth access authorization request. No more!
We encourage you to check out the Plaxo OpenID-based sign-in to get an idea of how the new protocol has been implemented. Google has provided plenty of documentation and examples with this latest release, including a draft specification of the OpenID OAuth Extension, a sample implementation of the new protocol, a Google Groups page dedicated to the topic, and a Google Code project page (complete with source).