Setting up OpenID using a Google Account

Setting up an OpenID identity (http://openid.net/) is a great way to reduce the number of usernames and passwords you have to remember (and remember to change). Google makes a great OpenID provider (since most of us have a Google account and are logged into it most of the time), but it isn't the friendliest system out of the box. This article shows you how to set up an easy-to-remember ID (your domain name) while still using Google as the authentication provider.

A Short Explanation of Delegation

The OpenID protocol understands that most of us don't want to run our own authentication server, but we also don't want to be tied down to a single provider like Google or myopenid.com. Its solution is discovery - a way to use your own domain as your OpenID without running an OpenID provider there.

The details of delegation are beyond the scope of this quick how-to article, so we'll stick to how it works with Google.

Setting up OpenID with a regular Google account

Google uses different delegation methods for Google Apps customers and regular consumer accounts. The consumer version is the simplest to set up:

Step One - Enable your Google Profile

Google uses your public Google Profile as its local ID. Log into google.com if you aren't already, then choose "Google account settings" from the Settings menu. Click "Edit Profile". Scroll down to the "Profile URL" section of the page. If one is already set, just note it for later use. If not, pick a new name for your profile.

Step Two - Add Delegation Headers

Now you need to tell OpenID consumers how to find your OpenID provider. This just requires adding a couple of HTML link tags to the page at the URL you want to use as your ID. Picking the URL is important - this is what you'll use as your "username" from here on out. If you have a personal domain name, use the home page of that. For our example we'll use my personal domain home page: http://richardsonnen.com/.

Open the HTML for the page and add these two links to the <head> area:

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" />
<link rel="openid2.local_id" href="http://www.google.com/profiles/<whatever you named your google profile>" />

Step Three - Try it Out

Find an OpenID-aware service and try out your new account. Enter the URL you picked above (http://richardsonnen.com/ in my case) as the OpenID. You should be taken to a page on Google's site and asked if you want to allow the service to authenticate you.

That's it - now you can use your domain name as your permanent username.
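
A check for the two tags from Step Two, as an added example that is not part of the original article: it parses a page and confirms that exactly one openid2.provider and one openid2.local_id link sit inside <head> and point at the provider you intended. Those tags decide which provider vouches for your ID, so the check is worth re-running after any change to the page. The sample page, the profile name "exampleprofile" and the expected_host value are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; "exampleprofile" is a placeholder profile name.
SAMPLE_PAGE = """<html><head><title>Home</title>
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" />
<link rel="openid2.local_id" href="http://www.google.com/profiles/exampleprofile" />
</head><body><p>Hello</p></body></html>"""


class DelegationParser(HTMLParser):
    """Collect openid2.* <link> tags and whether each sits inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []  # (rel token, href, inside_head)

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link":
            a = dict(attrs)
            # rel may carry several space-separated tokens
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid2."):
                    self.links.append((rel, a.get("href") or "", self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def check_delegation(html, expected_host="www.google.com"):
    """Return a list of problems; empty means the tags match the intended provider."""
    parser = DelegationParser()
    parser.feed(html)
    problems = []
    for rel in ("openid2.provider", "openid2.local_id"):
        hrefs = [h for r, h, in_head in parser.links if r == rel and in_head]
        if len(hrefs) != 1:
            problems.append(f"{rel}: expected one tag inside <head>, found {len(hrefs)}")
            continue
        url = urlparse(hrefs[0])
        if url.hostname != expected_host:  # expected_host is an assumed policy value
            problems.append(f"{rel}: points at {url.hostname!r}, not {expected_host!r}")
        if rel == "openid2.provider" and url.scheme != "https":
            problems.append("openid2.provider: endpoint is not https")
    return problems
```

Call check_delegation() on the saved HTML of your ID page; any returned string names the tag that no longer matches what you set up.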

Setting up OpenID with a Google Apps account

If you want to use a Google Apps account, your road is not so easy:

http://groups.google.com/group/google-federated-login-api/web/openid-dis...

http://groups.google.com/group/google-federated-login-api/browse_thread/...