85

Is it possible to use my personal website/blog to log in to sites that use OpenID, delegating to my Google account?


OK, I searched for this question on SO but found no good answer. After spending some time I figured out how to do it. I'm going to answer this myself as a way to share it.

mate64
Rio
  • 3
    Add a response to your own questions and mark it as correct, that way everyone will see what was the answer in a more persistent manner – Oskar Kjellin Mar 29 '10 at 21:55
  • Thanks Oskar for the tip! However I cannot mark the answer as correct right now. It says I have to wait until tomorrow. – Rio Mar 30 '10 at 12:51
  • I've moved the answer out of the question and into your answer, hope you don't mind but it's how SO is generally used. – Tom Robinson Mar 31 '10 at 10:04
  • 1
    I wish that the question hadn't been modified because now I don't understand the answer. – Eric Falsken Mar 08 '12 at 18:11

3 Answers

98

Now it is possible to delegate OpenID to your Google account (not Google Apps).

No, this is not using the demo OpenID provider using App Engine. This is your REAL Google account!

First you need to enable your Google Profiles. Try to view your profile and edit it, there should be an option to set your Profile URL. You have two choices there: either use your Gmail account name (without the @gmail.com part) as your profile id, or a random number assigned to you. It's up to you to decide which one to use. Either way, that id is your profile id below.

Now add the following HTML code to your delegating page:

```html
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" />
<link rel="openid2.local_id" href="https://profiles.google.com/[YOUR PROFILE ID]" />
```

And it's done. Now try logging in to SO with your custom URL!

MrCranky
Rio
  • What does the local_id line do? What if I wanted to enable multiple OpenIDs on my own domain name? These tags have to go only on a single URL that I use as my OpenID, right? – Eric Falsken Jun 18 '10 at 18:58
  • I assume you would need to add multiple tags to your page if you want to use multiple OpenIDs. Haven't tried myself, but I think it's the right direction. – Rio Oct 15 '10 at 05:02
  • 1
    Is it possible to have google host delegating page for me like MyOpenID does? – Piotr Dobrogost Nov 04 '11 at 12:59
  • 4
    Since google is all plusified now, the profiles.google.com url is no longer what you get when you go to "my profile" however, if your profile is https://plus.google.com/107217643432815688625/posts then https://profiles.google.com/107217643432815688625 still seems to work as your openid2.local_id – Lawrence D'Anna Aug 06 '12 at 03:38
  • FWIW, I am getting the following error using this method: `Error: invalid_request - OpenID auth request includes invalid delegation.` This does not happen constantly though - sometimes it is still working. The site with the delegate is daniel.hahler.de – blueyed Nov 10 '12 at 20:58
  • 8
    Currently with G+, you need to put: ` ` – Sebi Feb 06 '13 at 18:58
  • So if I use my own domain (fred.com) to log in to sites, and delegate to someplace else (google.com). Is there any cookie or key coming from google.com that is persisted on 3rd party sites? In other words, if the 3rd party site "remembers" my auth in some way, will I need to reauthenticate if I change my delegate to openid.com? In more general terms, what are the implications of changing who I delegate to? (Other than I might have assigned them a different password?) – Chris Quenelle Apr 06 '13 at 00:00
  • Just mentioning that the `http://profiles.google.com/[MY_PROFILE_ID]` seems to work just fine, even now after all the plusification, at least when the MY_PROFILE_ID is a custom value I've defined myself at some point. – Ilari Kajaste Sep 21 '13 at 20:39
  • 1
    @ChrisQuenelle According to my experience, when you change your delegate the only thing that happens is that you are directed to the new site for authentication. The first site still knows your identity as the whatever site you're delegating from. So it's very effortless to switch your authentication provider. – Ilari Kajaste Sep 21 '13 at 20:43
  • 1
    @Ilari is quite correct; this is, in fact, the stated purpose of delegation, to insulate the user from changes to the underlying provider in order to make switching providers completely transparent to the sites which are authenticating you. – Lawrence Dol Oct 04 '13 at 18:16
  • 1
    It is a beautiful thing. I just went through this. I had my OpenID delegated from my personal website to MyOpenID for years, but they'll be shutting down in the near future. In preparation for that, I changed my delegation to Google and it "just works". :) – Jason Fritcher Nov 14 '13 at 18:52
  • Note: You do not need to enable "Profiles" or "Plusify" your account; a [simple Google account is all you need](http://stackoverflow.com/a/19166129/8946). – Lawrence Dol Jan 31 '14 at 00:54
  • 1
    I've tried the above, using Stack Overflow in an anonymous browser as my test; but once I've logged in over at Google, I'm redirected back to SO, to see the message "Confirm your new account... You are about to create a new account on Stack Overflow using a login from Google (*****@gmail.com)." That can't be right. – J-P Feb 18 '14 at 21:06
  • 2
    @Sebi, I tried your `link` elements, but it used my Google identity as my claimed identity, rather than my delegating URL*. Also, it asked me which account of my currently two logged in accounts I wanted to use, so apparently `plus.google.com` is not the correct hostname to use. I used `profiles.google.com` with my gmail name instead, and it worked as expected. I have not checked how to use profiles.google.com with a Plus identity. *SuperUser asked to create a new account for `myname@gmail.com` rather than logging into my existing account based on the OpenID URL I gave it. – clacke Feb 19 '14 at 11:29
8

Despite what the accepted answer says, you do not need to join Google+ to use Google as a delegate since you already have a local ID, being the part of your email preceding the @.

Given an existing Google account of some-name@gmail.com, you simply need the following two links in your delegate page head section:

```html
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud">
<link rel="openid2.local_id" href="https://profiles.google.com/some-name">
```

I just did this and have verified it works without having joined Google+.

Lawrence Dol
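An added example, not code from the answers or from any site mentioned here: how a relying party could read the two link tags from a delegating page and check that the identity assertion it receives names the delegating URL, not the Google profile URL, as the claimed identifier. The host names `blog.example` and `other-op.example`, the function names and the https-only policy are assumptions made for the illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the answer's link tags plus a stray link in <body> to ignore.
SAMPLE_PAGE = """<html><head>
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud">
<link rel="openid2.local_id" href="https://profiles.google.com/some-name">
</head><body>
<link rel="openid2.provider" href="https://other-op.example/endpoint">
</body></html>"""


class DelegationParser(HTMLParser):
    """Collect openid2.* link tags that appear inside <head> only."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():  # rel is a token list
                if rel in ("openid2.provider", "openid2.local_id") and a.get("href"):
                    self.found.setdefault(rel, a["href"])  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(claimed_id, html):
    """Discovered information a relying party records for claimed_id."""
    parser = DelegationParser()
    parser.feed(html)
    endpoint = parser.found.get("openid2.provider")
    # Assumption: this relying party's policy only accepts https endpoints.
    if not endpoint or not endpoint.startswith("https://"):
        raise ValueError("no https openid2.provider link in <head>")
    # Without a local_id link, the claimed identifier is also the OP-local one.
    local_id = parser.found.get("openid2.local_id", claimed_id)
    return {"claimed_id": claimed_id, "op_endpoint": endpoint, "identity": local_id}


def assertion_matches(discovered, assertion):
    """The provider's positive assertion must agree with discovery."""
    return all(assertion.get("openid." + k) == v for k, v in discovered.items())
```

Pointing the two `href` values at a different provider changes `op_endpoint` and `identity` but leaves `claimed_id` untouched, which is why the sites you log in to keep recognising the same account after a switch.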
5

OpenID 2.0 for Google Accounts has gone away: https://support.google.com/accounts/answer/6206245

kuboon