Welcome OpenID Connect

FEB 26, 2014
Author PhotoBy Adam Dawes, Product Manager, Google Accounts Team

Improving security while making it easier for users to sign in is the perennial challenge we face in the authentication trade. Federated sign-in has long held this promise but to be successful, it needs to be simple for users to understand and easy for developers to deploy. Today, the OpenID Foundation announced that the OpenID Connect specification has been ratified and is now available as an open standard for the world. We think it is going to make a big difference in improving people’s login experience all over the Internet. This new authentication standard is layered on top of OAuth 2.0 so that all the technology that sites already use to connect to other sites' APIs can also be reused for authentication. And like OAuth 2.0, OpenID Connect provides strong protections for users by only sharing account information that users explicitly tell us to.

Open ID connect logo

We’re putting our weight behind this new standard, providing formal support from its launch as well as building it into Google+ Sign-In. And to keep things as simple as we can for developers, we’re also going to consolidate all our federated sign-in support onto the OpenID Connect standard. This means that we will deprecate support for our older federated sign-in protocols including OpenID 2.0 on April 20, 2015, and our early version of OAuth 2.0 for Login, including the userinfo scopes and endpoint, on September 1, 2014 (see migration timetable for full details).

The easiest way to take advantage of our support for OpenID Connect is to use Google+ Sign-In, which provides easy-to-integrate libraries on the most popular platforms. Google+ Sign-In provides not only OpenID Connect sign-in but also other great features to give your app deeper integration with Google like over-the-air installs, cross-device sign-on, analytics as well as powerful social features for users who have a Google+ profile. You can still hand roll your integration to Google using the OpenID Connect protocol if you prefer, but you’ll miss out on these features. Please see our migration guide to get started moving to Google+ Sign-In and OpenID Connect.

Adam Dawes is a Product Manager on the Google Accounts Team where he is working to make it easy for users to share their data while maintaining full control over it. Outside the Googleplex, Adam enjoys exploring the outdoors with his family.

Posted by Scott Knaster, Editor