By Adam Dawes, Product Manager, Google Accounts Team
Improving security while making it easier for users to sign in is the perennial challenge we
face in the authentication trade. Federated sign-in has long held this promise but to be
successful, it needs to be simple for users to understand and easy for developers to deploy.
Today, the
OpenID Foundation announced
that the
OpenID Connect specification has
been ratified and is now available as an open standard for the world. We think it is going to
make a big difference in improving people’s login experience all over the Internet. This new
authentication standard is layered on top of OAuth 2.0 so that all the technology that sites
already use to connect to other sites' APIs can also be reused for authentication. And like
OAuth 2.0, OpenID Connect provides strong protections for users by only sharing account
information that users explicitly tell us to.
We’re putting our weight behind this new standard, providing formal support from its launch as
well as building it into Google+ Sign-In. And to keep things as simple as we can for
developers, we’re also going to consolidate all our federated sign-in support onto the OpenID
Connect standard. This means that we will deprecate support for our older federated sign-in
protocols including
OpenID
2.0 on April 20, 2015, and our
early version of OAuth 2.0
for Login, including the userinfo
scopes
and
endpoint,
on September 1, 2014 (see
migration
timetable for full details).
The easiest way to take advantage of our support for OpenID Connect is to use
Google+ Sign-In, which
provides easy-to-integrate libraries on the most popular platforms. Google+ Sign-In provides
not only OpenID Connect sign-in but also other great features to give your app deeper
integration with Google like
over-the-air
installs,
cross-device
sign-on, analytics as well as powerful social features for users who have a Google+
profile. You can still hand roll your integration to Google using the OpenID Connect protocol
if you prefer, but you’ll miss out on these features. Please see our
migration guide to get
started moving to Google+ Sign-In and OpenID Connect.
Adam Dawes is a
Product Manager on the Google Accounts Team where he is working to make it easy for users to
share their data while maintaining full control over it. Outside the Googleplex, Adam enjoys
exploring the outdoors with his family.
Posted by Scott Knaster,
Editor
