Blog of our latest news, updates, and stories for developers
Hybrid Onboarding
Tuesday, November 3, 2009
Do you operate a website and wish you could increase the percentage of users who finish the registration process? As discussed on Google's
main blog
, Google has been working with Plaxo and Facebook to improve the registration success rate for Gmail users. We now see success rates as high as 90%, compared to the 50-60% rate that most websites see with traditional registration mechanisms. This result was achieved using a combination of our
OpenID
,
OAuth
and
Portable Contacts
APIs. While those APIs have been available for over a year, we have added a number of refinements based on our experience with Plaxo and Facebook. Our documentation now has information on those new features, including:
OpenID User Interface Extension 1.0 (including the ability to display the favicon of the website)
x-has-session, which is an enhacement to checkid_immediate requests via the UI extension. If the request includes "openid.ui.x-has-session," it will be echoed in the response only if Google detects an authenticated session
Support for the US Government's GSA profile for OpenID
PAPE (Provider Authentication Policy Extension) to support forced password reprompts
Support for not only Google Accounts, but also our Google Apps customers, as discussed on the
Enterprise blog
For more details, please refer to our
OpenID
documentation.
While these technologies are all standards-based, the methods for how to combine them to achieve this success rate are not obvious, and took a while for the industry to refine. More information is available in the
Hybrid Onboarding Guide
, but below is a quick summary of some of the best practices for this hybrid onboarding technique:
The technique is primarily for websites with an existing login system based on email addresses.
It also assumes the website will send email to users who are not yet registered, whether it is through traditional email marketing or social network invitations.
The website owner then needs to choose a small set of email providers such as Yahoo and Google that support these standards.
Whenever the website sends email to a user at one of those providers, any hyperlinks that promote registration at the website should be modified to communicate the email address (or at least domain) of the user back to the website's registration page.
If the registration page detects a user from one of these domains, it should NOT start the traditional process of asking the user to enter a password, password confirmation, and email. Instead, it should prominently show a single button that says "Sign up with your Google Account" — where Google is replaced with the name of the email provider.
If the user clicks that button, the website should use the OpenID protocol to ask the email provider to authenticate the user, provide their email address, and optionally ask for access to their address book using the hybrid OpenID/OAuth protocol and the Portable Contacts API. More details about this flow are available on the
OpenID blog.
Once the user returns to the website, it can create an account entry for the user. The website can also mark the email address as verified without having to send a traditional "email verification" link to the user. If the website received the user's permission to access their address book, it can now download it and look for information about the user's friends.
In the unusual case where an account already exists for that email address, the website can simply log the user into that pre-existing account.
For any newly registered user, the website should then display a page that confirms the user is registered and that indicates how they should sign in in the future.
To make the login process simple, the website should modify their login box to include a logo for each of the trusted email providers it supports, or use one of the other
user experiences for Federated Login.
If a user clicks the email provider button, they can again be sent to that provider's site using the OpenID protocol. When the user comes back, the website can either detect that they previously registered, or if it is a new user, the website can create an account for them on the fly.
In some cases the account may already exist for that email address, but it was not initially registered using OpenID. In that case, the website can simply log the user in to that pre-existing account.
By Eric Sachs, Product Manager, Google Security
2 comments :
ikillbert
November 5, 2009 at 3:11 PM
sweat ^^
Reply
Delete
Replies
Reply
ikillbert
November 5, 2009 at 3:11 PM
1й/x
Reply
Delete
Replies
Reply
Add comment
Load more...
Labels
.app
.dev
#AIY
#devfest18 #devfeststories #gdg #googledevelopers #developers #community
#freeandopen
#GooglePlay #AndroidDevStory #PlayStore #DeveloperConsole #StoreListingExperiments
#growwithgoogle
#io12
#io13
#io14
#io15
#io16
#io17
#io18
#io2012
#io2013
#io2014
+1
20% project
3d
3D face mesh
about.com
accelerator
accessibility
actions
actions on google
actionsongoogle
activity
Administrative APIs
AdMob
adobe
Ads
adsense
advanced
advogato
AdWords
africa
agency program
agpl
AI
AI Principles
AIY
AIY Projects
AIYProjects
ajax
ajax apis
ajax search
ajax search books news apis
all for good
amarok
AMP
AMP Cache
analytics
and Assistant
android
android developer certification
android developers
Android Development
Android Studio
Android Things
android wear
animation
Announcement
announcements
apache
api
API.AI
apis
apis console
apis explorer
apis. charts
app
app design
App dev
App Development
app engine
app indexing
app indexing api
App Invites
apple
Application Development
apps
apps script
AR
ARCore
area 120
artifact management
Artificial Intelligence
asia
assistant
atom publishing protocol
Audio
Augmented images
augmented reality
australia
Auth
authentication
authsub
automatic speech recognition
awards
axsjax
barcodes
beacon
beacons
Belarus
bespin
best practices
beta
bigquery
bitcoin
Blockly
blogger
book search
books API
bootcamp
Brazil
british english
Brotli
browser
Build Out
building ajax apps
BuildOut
Bulgaria
business
buzz
c++
Cache
caja
caldav
calendar
camino
campfire one
caption
cardboard
CardDAV
cast
Certification
certification award
channel
chinese
chrome
chrome apps
chrome dev summit
chrome devtools
chrome experiment
chrome extensions
chrome os
chrome web store
chromecast
chromium
chronoscope
cifs
classes
classroom api
client libraries
closure tools
cloud
Cloud anchor
cloud datastore
cloud functions for firebase
Cloud Next
cloud platform
cloud portability
cloud services
cloud sql
cloud storage
cms
coca cola
CocoaPods
code for educators
code jam
code review
code-in
codeedu
codelabs
coffee with a googler
Colaboratory
collada
color
Colt McAnlis
commerce
community
community connectors
competition
Compilers
compression
compressorhead
computer vision
computing heritage
conferences
contacts api
Containers
contest
contextual gadgets
conversation design
conversations
Coral
Core ML
couchdb
countdown to I/O 2012
courses
CPU
crash course
Crash Reporting
crashlytics
creative commons
cricket
crisis response
Croatia
cryptocurrency
cryptography
css
css3
custom search
custom search api
Czechia
danish linux forum
dart
Data Compression
Data Visualization
database
Databases
Dataset
Datasets
datastore
dataviz
Daydream
deprecation
design
devart
develop
developer
Developer Communities
developer expert
developer features
Developer Keynote
developer relations
developers
developers. meetup
devfest
devfest developer chrome maps social wave apps
DevFest18
DevFestStories
DFP
dialogflow
discovery service
diversity
django
dns
do-it-yourself
Docker
docs
documentation
documents list api
dojo
domains
doodles
dot net
doubleclick
dreamweaver
Drive
drupal
dynamic links
earn
earth
eclipse
eclipsecon
eddystone
Edge TPU
Edge TPU Accelerator
Edge TPU Dev Board
educatio
education
email
EMEA
endpoints
enterprise
entrepreneurs
Estimator
Estimators
estonia
Ethics
Europe
event
events
evolution
execution api
extensions
Fabric
Fairness
fairness in machine learning
faster web
FCM
featured
feeds
finance
fintech
Firebase
Firebase Analytics
Firebase Cloud Messaging
Firebase Dynamic Links
firebug
firefox
firestore
firevox
firstbeta
fitness
flutter
Flutter 1.2
Flutter Live
flutter release preview 1
flutter release preview 2
font api
Fonts
fosdem
freebsd
freenet
Fridaygram
fusion tables
G Suite
G+
gadgets
Game Developers Conference
games
gaming
gcc
gci
GCP
GDA
gdata
GDC17
GDD
gdd07
gdd08
gdd09
GDD11
GDE
gdg
gdl
gdl weekly
gears
geo
geolocation
geoserver
getpaid
ghop
git
github
GKE
gmail
Gmail APIs
GMTC
gnome
gnome women's summer outreach program
Go
goo.gl
Google
Google AI
Google APIs
google apps
google apps api
google apps for your domain
google apps marketplace
Google AR
google assistant
google assistant sdk
Google Brain
google buzz
google cast
google chart api
google checkout
google chrome
Google Cloud
Google Cloud Messaging
Google Cloud Platform
google cloud storage
google code
google code project hosting
google code search
google code university
google compute engine
Google Coral
google data apis
google data protocol
Google Data Studio
google developer day
google developer days
Google Developer Scholarship
google developers
Google Developers Academy
google developers certification
google developers community groups
Google Developers Groups
Google Developers Live
Google Developers site
Google Developers University Consortium
google docs
Google Docs API
google doctype
google domains
Google Drive
Google Drive SDK
google earth
google fit
Google Fonts
google friend connect
google gadgets
google gears
google grants
Google Groups Settings
google health
Google I/O
Google Identity Platform
Google in Asia
google io
Google Maps
Google Maps Platform
google mashup editor
Google Noto fonts
google photos
google platform
Google Play
Google Play Developer API
google play services
Google Registry
google scholarships
Google Science Fair
Google sheets
Google Sheets API
Google Slides
Google Slides API
google space
Google Spreadsheets API
google storage
google summer of code
Google tech talk
Google technology
google technoloy user groups
google tv
google visualization api
google wallet
Google Wave
google web elements
google web toolkit
google.org
google+
GoogleAssistant
googlecast
googledevelopers
googleio
googlenew
GooglePlay
googlewebelements googleio
GPE
GPGS C++ Games
GPT
green linux
Groups API
grow
grow with google
gsoc
GSuite
gtags
gtug
guest post
guice
gulp
GWSOP
gwt
gzip
hackathon
hacking
hackthon
hamilton
hangouts
Hangouts Chat
Hangouts Chat API
haproxy
hg
hibernate
howto
hpux
html
html5
http
I/O
I/O 17
I/O 2017
I/O Extended
I/O Live
ical
identity
ietf
ignite
igoogle
iguanas
iiw
Image Compression
image search
Imara
In-app billing
in-app payments
in-app purchase
incubator
India
indie
Indie Games Accelerator
information visualization
intelligentwire
interactive music
internationalization
internet explorer
internet of things
interviews
IO17
io18
IO2017
ios
iOS SDK
IoT
ipad
iphone
iPhone Development
israel
Issue Tracker
jaiku
japanese
java
javascript
jetpack
joomla
joomladayus2007
joomladayusa
json
karaoke
KDE
KDE 4.0
Keras
kernel
kernel summit
keynote
khronos
kids
kids coding
kids coding team
kml
korean
Krakow
Kubernetes
labs
lanchpad
languages
latam accelerator
LatAm startups
latitude
latvia
launch
launchpad
launchpad accelerator
launchpad studio
lca
Leadership
Learning
lens
lessons
licenses
linux
linux foundation
linux summit
linux virtual server
linuxconf eu
lithuania
localization
LoCo
london
mac
MacFuse
Machine
machine intelligence
machine learning
machine learning accelerator
maker
Makers
malware
maps
maps apis
Marketplace
material
material components
material design
MDL
meetup
mercurial
Mexico startups
MIT CSAIL
MIT Media Lab
ml
ML Kit
MLCC
mobile
Mobile App Development
mobile design
Mobile Development
mobile performance
mobile sites
mobile speed
mobile UX
Mobile web
Mobile World Congress
mod_pagespeed
Moderator
monetize
MOOC
mozilla
mylar
myspace
MySQL
mythtv
named
narratives
native ads
native client
nearby
netbsd
non-profit
nonsense
nosql
notifications
Noto Serif CJK
nss
nvidia
O3D
oauth
OAuth playground
OAuth2
objective-c
OCaml
ocr
ODF
office hours
oha
OOXML
open data
open source
open source blog
open source releases
open web
openajax alliance
opengl
openid
opensocial
openssh
openssl
Optimization
oreilly
orkut
oscon
oscon2007
osi
oss devs
ossjam
osx
pactester
page speed
PageSpeed
palette
payments
Peer bonus program
performance
phone
photos
picasa
picasa web
places API
play services
playground
plone
plone sprint
podcast
poland
Poly
polymer
Polymer Summit
portugal
posix
PowerMeter API
prediction api
preview
prizes
programming
Progressive Web App
project hosting
Project Loon
Project Tango
prototype
proximity
pubsubhubbub
PWA
py3k
python
python sprint
rails
random hacks of kindness
Rasberry Pi
reader
releases
Remote Config
research
reserve seats
Responsible AI
result snippets
Reto Meier
Rewarded Ads
Rewarded Video Ads
rhino
Saatchi
Safety & Security
safety and security
salesforce
samba
Sample dialogs
sandbox
Santa Tracker
scalability
scale-ups
Sceneform
schedule
scholarship
scholarships
Scratch
screencast
sdk
sdks
search
security
Serbia
serif
service worker
sessions
seurat
shape
Sheets API
shindig
shopping
Shoreline Amphitheatre
showcase
sidewiki
sign-in
silverstripe
SIMD
sitemaps
sites api
sixapart
sketchup
Slides API
small business
small businesses
Smart Lock for Passwords
soap search api
soc
social
social graph
solaris
souders
spa2007
Space
spdy
speakers
speech
speed
speed tracer
Stable release
standards
startup
Startup accelerator
startups
STEM
storage
Street View
student programs
students
stuff
style
subscribed links
subscription
subversion
summer of code
Sundar Pichai
SVG
sxsw
syndication
tasks API
Team Drives (new)
techmakers
templates
TensorFlow
tensorflow dev summit
TensorFlow Lite
TensorFlow Research Cloud
tensorRT
Test Lab
testing
text embedding models
tfdevsummit
TFLite
themes
thought leadership
tool
tools
topp
TPU
training
tranparency
transit
translate
translation
tutorials
tv
ubiquitous computing
ubiquity
ubucon
ubuntu
Udacity
UI
Ukraine
unicode
unit test
Unity
universal
Universal App Campaigns
University
unix
url
url shortener
URLs
UX
video
videos
Vim
virtual keyboard
virtual reality
visualization
voice
voice kit
voice user interface
VR
VUI
wattpad
Wearables
Weave
web
web animations api
web apps
web components
web design
web designer
web development
web exponents
web fonts
web performance
web platform docs
web registry
webfonts
webgl
webmaster
WebP
website optimizer
webVR
weekly roundup
WhiteHouse.gov
Who's at Google I/O
win
windows
windows programming
Winter of Code
Women Tech Makers
women techmakers
writing
wtm
xauth
yahoo
Young Makers
youtube
zlib
zurich
ZXing
Archive
2019
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2007
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2006
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2005
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Subscribe
Google
on
Follow @googledevs
Visit
Google Developers
for docs, event info, and more.
sweat ^^
ReplyDelete1й/x
ReplyDelete