More User Friendly Authentication Flow
January 30, 2009 in OpenID by Carsten Pötter | View Comments
![]()
Plaxo and Google are currently test-driving the OpenID/OAuth Hybrid Extension which is still a draft. Combining OpenID authentication and OAuth based authorization, this new extension to the OpenID protocol reduces the number of redirects between the OpenID Provider and the consuming site, the Relying Party, if access to further data from the provider is required or desired. This technical reduction of redirects also benefits users as they don’t have to first authenticate with their OpenID, and in a second step grant the Relying Party access to more data like address books.
As you can probably imagine the new extension only works if the OpenID Provider is also the OAuth Service Provider and the Relying Party is also the OAuth Consumer. Other combinations don’t work. Translating this into the Plaxo/Google example, Plaxo is the Relying Party/Consumer and Google is the OpenID/OAuth Provider.
The implementation basically works like this: Plaxo members invite Gmail users who are redirected to Plaxo when clicking the invite link from within their Gmail account. Users are then asked if they want to sign up with their Google account and if they want to import their Google address book. They are then redirected to Google to confirm the sign in request (the OpenID part of the flow) and to grant access to their address books (the OAuth part). By confirming those requests they are redirected to Plaxo again, signed in and the address book is imported as well. For more information on the implementation have a look at the Plaxo and Google blogs.
While this implementation is currently only a test, it shows how the OpenID/OAuth flows can be simplified and made more user friendly. This will certainly help raise acceptance of the protocols not only by users but also by bloggers and oher press who are often in favor of Facebook Connect when comparing it to OpenID.
Update: I almost forgot. There is a demo of the hybrid protocol available at http://googlecodesamples.com/hybrid/ which also features Portable Contacts data. Cool stuff!

Tags: Google, hybrid protocol, OAuth, OpenID, OpenID protocol, Plaxo, Relying Party
-
Carsten Pötter
-
Hugh Isaacs II
Recent Articles
-
Disqus Improves User Experience of OpenID
February 13, 2010 in OpenID
Sometimes the results of OpenID logins look a little bit strange, certainly not as expected by users. Blog comments are a good example. Usually I would expect my real name or username displayed there but occasionally it looks like this:
The provider simply didn’t send my name (Google in this case).
While some providers allow personas, i.e. [...] -
OpenID: Another Connect and Marketing
January 6, 2010 in OpenID
Oh no, not another post on OpenID already, you might think. Well, the new year is only a few days old and there are already three posts and tweets respectively that got me thinking about it again. But if you don’t want to read about OpenID again, just ditch this post.
The Idea of [...] -
Hidden Progress of OpenID
December 17, 2009 in OpenID
Yesterday, the
-
Great Customer Service for a Foolish Guy
October 29, 2009 in General
This blog post is a little bit different from the not so relevant open web centric stuff you usually find here. However I think it’s a good story about great customer service. So why not share it with you, although I play the stupid part in this story?
On Sunday I checked my credit card bill [...] -
Microformateers: Quick Microformats Support
October 25, 2009 in Microformats
Microformats are really cool. Small snippets of code that semantically describe various information included in any published text on the web. It’s not visible information for end-users but rather metadata that can be crawled and parsed by search engines or extracted by other means, like browser add-ons.
While microformats are rather simple – even I understand [...]
Worth Reading
Amber Naslund
Close preview
Loading...Chris Brogan
Close preview
Loading...Chris Messina
Close preview
Loading...Christian Scholz
Close preview
Loading...David Recordon
Close preview
Loading...Frank Hamm
Close preview
Loading...Franz Patzig
Close preview
Loading...Hutch Carpenter
Close preview
Loading...Marcel Weiß
Close preview
Loading...Markus Spath
Close preview
Loading...Matthias Gutjahr
Close preview
Loading...Matthias Pfefferle
Close preview
Loading...Netzwertig
Close preview
Loading...Read/Write Web
Close preview
Loading...Sebastian Küpers
Close preview
Loading...Silke Berz
Close preview
Loading...The FASTForward Blog
Close preview
Loading...Valeria Maltoni
Close preview
Loading...
