Hi,
I use Google Apps for my domain email, and I was wondering if I could use that account for OpenID instead of the regular Gmail account.
I know I can delegate Openid to some other URL using this:
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://samruby.myopenid.com/" />
But I can't find the appropriate URLs for Google.
Thanks
-Mathieu
-
My understanding is that Google is not exposing that server url, and as such makes this technique inoperable for a Google OpenID.
-
MyOpenID.com does offer openid on your own domain.
Kris Kumler : But won't the authentication for this all still go through myopenid.com? I think the OP was asking about using his existing domain credentials.Cade Roux : I see what you're saying. Hopefully the point will be moot one day when all services are OpenID consumers. -
They say they will in the future but doesn't give any clue to when the future will be here. See this thread in Google groups http://groups.google.com/group/google-federated-login-api/browse_thread/thread/19b33847210e5708
-
It's not possible.
Note: OpenID authentication is currently supported for Google accounts only, not Google Apps (hosted) accounts
© http://code.google.com/apis/accounts/docs/OpenID.html
Jeff Martin : This answer is outdated. -
Cade Roux's approach works great: it takes about 10 minutes to get an MyOpenID.com account set up and working for your own domain. It operates through a CNAME DNS record, so while MyOpenID does indeed host the necessary code for OpenID authentication, you use your own URL.
toolbear74 : The question is how to do it with it using one's Google account, not how to do it with [insert other provider] -
You can run your own openid server in your Google Apps domain (using GAE) - Google provides sample code of openid server. I've recently ported this to latest OpenID library, so now it is Openid 2.0 compatible. Project page: http://code.google.com/p/appengine-openid-provider/
-
Google recently (an hour or so ago) announced OpenID support for Google Apps customers.
Check out the discovery protocol on Google Groups. Should be a good start.
I believe the endpoint is ht tps://www.google.com/accounts/o8/site-xrds?hd=your-domain.com
Mathieu Longtin : I now accept this answer, since the situation has changed, with the caveat that this is only available to _paying_ Google Apps customers.Mike Meyer : According to their blog, it's enabled for all Google Apps customers. http://googlecode.blogspot.com/2009/07/google-apps-openid-identity-hub-for.html Looks like they don't allow for delegation though. It's "risky business." http://groups.google.com/group/google-federated-login-api/browse_thread/thread/825067789537568c#Mathieu Longtin : That Googlecode article says that is's available for all edition, the announcement says it only applies to Premier and Eduction domains, and the google-federated-login-api seems to mention only Premier and Education as well. I can't seem to find the enabling/disabling swith in my cpanel. So I'm confused.Mike Meyer : As am I. I hope it works for my domain using the standard Google Apps account and that delegation will one day be possible. Until then, it doesn't look like either one is going to be possible. -
For OpenId2 I currently have this on my site
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud" />as it is the only one required. Since I am logged in to Google Apps now as my default google account. OpenID consumers (Stack Exchange Sites mostly at this point) use that account (I get a message from google asking if the site can use that google account.
This doesn't FORCE the google apps account the way it would if you used a non-google apps account with (in addition to the provider above)
<link rel="openid2.local_id" href="http://www.google.com/profiles/YOURGOOGLEPROFILE" />But it does allow me to use my google apps account because it is the one I am currently logged in with.
Mathieu Longtin : Does this work on a free Google Apps account, or only enterprise and education?Jeff Martin : I have a free version.
0 comments:
Post a Comment