MortalPowers Now Uses OpenID

by Stephen Fluin 2010.06.17

Tonight I worked on launching Google Account / OpenID integration on Now, instead of needing to register, or create a username/password, you can simply visit the registration page and sign up with Google's OpenID provider.

If you sign up right now, the only permission you will get is to submit to the HTML5 Video Gallery.

OpenID Implementation Details

It turns out OpenID integration is much simpler than Facebook Connect. I understand Facebook Connect and OAuth implementations have much more capabilities, but they also have much more complexity.

For this implementation, whenever a login request or signup request is made, the user will call up Google (or whatever OpenID provider is hardcoded into my script) with the requesting URL. The OpenID provider will generate an authentication token if the user agrees to the request, and the authentication token will be passed back to my script for use. The security model is that only my site and Google (with valid authentication) know or can generate this token, so anyone that has this token and can pass it to me can be trusted as having passed Google's authentication.

Hopefully I will be able to integrate with Facebook Connect or Google's OAuth services to get better information about users and start providing integration with other services and capabilities. I have Facebook Connect code that used to work, but after moving all authenticated pages to https, the Facebook Connect code no longer works, and deserves a complete rewrite based on my knew cross-site authentication and authorization knowledge.