Google OpenID Connect for authentication without using any Google API

The OpenID Connect FAQ says one of the main use cases is that it allows "site developers to authenticate users without taking responsibility for storing and managing passwords."

Google+ login is an implementation of OpenID Connect. I understand that you have registered an application with Google and you are choosing the Google API that you want this application to have access to.

Is it possible to use Google+ to login just to use the Authentication Service (for the browser) without using any Google APIs?

If this is a valid service / technology application, where is there a good description of what the web application needs to do to integrate this authentication functionality, and what impact does this have on the web application's HTTP API design and subsequent implementation?



1 answer


You can use Google+ to authenticate without API access, as OpenID Connect allows it. Upon returning from Google, your webapp will receive id_token which identifies the user and access_token which you are using against the Google API. You can just use the information in id_token and discard access_token.

The spec is probably the best place to look at this: http://openid.net/specs/openid-connect-core-1_0.html



For an example implementation as an Authentication Module for the Apache web server see https://github.com/pingidentity/mod_auth_openidc

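An added example, not part of the original answer or of mod_auth_openidc: the relying-party side of "use id_token, discard access_token", checking the claims OpenID Connect Core section 3.1.3.7 requires before trusting `sub`. It assumes the token response came straight from the token endpoint over TLS (authorization code flow), where that section permits TLS server validation in place of the signature check; a token received through the browser must have its signature verified against the provider's published keys first. The function names, client id, nonce and sample claims are constructed for illustration.

```python
import base64
import hmac
import json
import time

# Issuer values Google uses in its ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def _b64url(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_response(claims):
    """Constructed token response; the signature segment is a placeholder."""
    token = ".".join([_b64url({"alg": "RS256"}), _b64url(claims), "c2ln"])
    return {"id_token": token, "access_token": "constructed-unused"}

def login_from_token_response(response, client_id, nonce, now=None):
    """Return the user's stable id (sub) from id_token only, or raise ValueError."""
    now = time.time() if now is None else now
    parts = str(response.get("id_token", "")).split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("id_token payload is not a JSON object")
    iss = claims.get("iss")
    if not isinstance(iss, str) or iss not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences or claims.get("azp", client_id) != client_id:
        raise ValueError("token was not issued to this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or exp missing")
    # The nonce ties the token to the login request this session started.
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    # access_token is deliberately never read or stored: no Google API is called.
    return claims["sub"]

if __name__ == "__main__":
    demo = {"iss": "https://accounts.google.com", "aud": "my-client-id",
            "sub": "1234567890", "exp": time.time() + 300, "nonce": "n-abc"}
    print(login_from_token_response(sample_response(demo), "my-client-id", "n-abc"))
```

Key the local account on `iss` plus `sub`; the e-mail address in the token can change and is not a stable identifier.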






