3

For years I've been using my own domain frightanic.com as my OpenID. However, my site delegates to Google's OpenID provider by using the following in the index.html's HTML head:

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" >
<link rel="openid2.local_id" href="http://www.google.com/profiles/marcelstoer" >

Google broke this with the introduction of Google+. Now with each login attempt they display a "Switch to Google+" page from which there's no escape.

What's the way around that (other than looking for a new OpenID provider or clicking the Google login option on StackExchange)?

Marcel Stör
  • 22,695
  • 19
  • 92
  • 198
  • In the meantime I dumped Google and became my own OpenID provider using [SimpleID](http://simpleid.koinic.net). Works a charm, eager to find out what the long-term experience will be. – Marcel Stör Jan 05 '13 at 23:38

2 Answers2

3

Kind of a shot in the dark but would using an identifier select URL in your local_id work?

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud">
<link rel="openid2.local_id" href="https://www.google.com/accounts/o8/id">

(note that the 2nd URL is /id rather than /ud)

Christophe L
  • 13,725
  • 6
  • 33
  • 33
  • I'm surprised it does work indeed, didn't expect that (based on the docs _I_ have seen). Since I was sort of sick being dependent on Google for OpenID I might just stick with SimpleID. – Marcel Stör Jan 07 '13 at 20:01
  • This is the only place I've seen this correctly documented. This let me switch from my normal Google account to my Google Apps account for OpenID. Thanks! – Keith Devens Mar 10 '13 at 21:24
  • 1
    It works, but doesn't this allow anyone to login from your page, since it has nothing specifically linked to the user? – lapo Mar 12 '13 at 14:31
  • 1
    @lapo: No. The `local_id` field provides mapping from provider identifier to the domain. In this form, it means that a user having provider identifier `https://www.google.com/accounts/o8/id` owns the domain, and since no user has this id, noone owns the domain. You could say that this snippet is basically a plain redirect to Google login. – Michał Górny Apr 28 '13 at 08:23
  • For those using delegation from a custom URI to Google for authentication, wondering if this gets around the OpenID 2.0 deprecation by Google, it doesn't. When you log in, it allows you to go through the authentication process with Google and authorising SE, but when you actually get to SE it is treated as a new login (i.e. you're logging in with your Google ID and not the custom OpenID URI you provided at the first step). – MrCranky Feb 13 '15 at 11:09
3

I was able to hack this around a bit but I've just created & removed a Google Plus profile, so I'm not sure if it won't stop working in a few days from now.

Go to http://profiles.google.com. It should redirect you to a profile page with your user number listed in the URL alike:

https://profiles.google.com/NNNNNNNNNNN/about

Alternatively, it may just ask you to register for Google Plus. If it does, you can enable it, then remove the Google Plus profile. The identifier should persist, and the above trick should work from now on. Sadly, I don't know a way around this.

Copy the number NNNNNNNNNNN from that URL to the following snippet and it should work:

The snippet looks like:

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud" />
<link rel="openid2.local_id" href="https://profiles.google.com/NNNNNNNNNNN" />

Note that there's no ?source=profiles anymore. It used to work for me earlier but now results in a 500.

From what I've tried with OpenID-LDAP test, it seems that openid2.local_id can take practically any value. It is only responsible for mapping your Google identifier to your domain. Any other Google identifier will be used as-is, without mapping.

That is:

  1. If you log in with the Google account listed as local_id, you will be logged in as http://yourdomain.com.

  2. If you log in with any other Google account, you will be logged in as https://www.google.com/accounts/o8/id?....

If local_id has an invalid value, that is doesn't match any account identifier, all users will be logged in with their 'long' Google ids and the snippet will basically be a plain redirect to Google login.

Michał Górny
  • 18,713
  • 5
  • 53
  • 76