Beantin webbkommunikation

Beantin Beta Blog

Experiments, investigations, and tests of web things
July 5, 2011

Google+ breaks OpenID

For a few websites I’ve used my Google Profile URL as a OpenID identifier – allowing me to log in using my Google Account. That identifier changes format when you sign up for Google Plus. Google hasn’t managed the change of URL correctly and it stops you from logging in.

Google+ login page

Bad news

This naturally is terrible news for anyone using (or running) a web service that makes use of OpenID. The handling of multiple personas is something that OpenID copes with perfectly OK with – providing the account provider (in this case Google) does their stuff.

Google have changed the format of OpenID identifiers based on profiles before. Originally (in 2009) they were of the format http://www.google.com/profiles/[username] which migrated to http://profiles.google.com/[username] (in March 2011). Both of those work and are authoritive.

Changed profile URL

Once you sign up to Google+ your profile URL changes to the format http://plus.google.com/[number]/posts. The problem at the moment is that Google isn’t answering in an authoritive way for the two previous incarnations of the profile URL, breaking OpenID for you.

You can read a discussion on the OpenID mailing list. Some sites are still working, but they shouldn’t (if they are, they’ve got a security flaw!). Let’s hope Google get’s their act together before too many people and companies are affected.

Related Posts Plugin for WordPress, Blogger...

Tags

Filed under Research.

Tags: ,

Theme Beantin created by James Royal-Lawson. Privacy Policy