CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
 

Adam Dawes, Product Manager, Google
Jonathan Beri, Developer Advocate, Google
There’s never been a better time to become a relying party, and Google offers two tools to help developers do just that. Google Identity Toolkit makes it easy for a site to outsource its authentication system (including password login) and become a relying party to the most popular identity providers. Google+ Sign-In can create more engaging experiences in your app and drive more usage across devices.

Presentation Transcript

    • Google Confidential and Proprietary So you want to be a Relying Party: Google Identity Toolkit v3 Adam Dawes July 9, 2013 http://goo.gl/8pA1v
    • Google Identity Toolkit
        ● Challenges to getting out of the password business
        ● GITKit v3 Overview and UX walkthrough
        ● GITKit v3 Deployment
        ● What's coming
    • Challenge #1: I don't know how to get rid of my password db
    • Challenge #2: I need a complete solution for both passwords and IDPs
    • Challenge #3: I don't know how to 'slow roll' conversion to IDP sign-in
    • Challenge #4: I'm afraid NASCAR UX will confuse users
    • GITKit v3 Key Features
        ● Migrate passwords to hosted authentication service
        ● Single integration point for multiple email IDPs and passwords
        ● Fine-grained controls for password to IDP conversion
        ● Streamlined login and new account UX without NASCAR
        ● Account management widgets
        ● Detection of security event in multi-session scenarios
    • GITKit provides a complete auth solution across passwords and multiple IDPs
        [Diagram labels: Auth Engine, Password Store, GITKit ID Token, Legacy passwords, GITKit APIs, Login]
    • GITKit v3 UX Walkthrough: Password Login
    • Account Chooser
        ● Addresses the NASCAR problem by initiating login with an “account hint”
        ● Privacy-preserving HTML5 app with all accounts stored locally
    • GITKit v3 UX Walkthrough: Password Sign Up
    • GITKit v3 UX Walkthrough: Password to IDP Account Conversion
    • Incrementally roll out IDP support to password users
        Configure and roll out usage of selected IDPs
    • GITKit v3 UX Walkthrough: IDP Sign Up
    • [Flow diagram: 1) Sign-in button, 2) Account Chooser, 3) Password Entry/Sign-up widgets, 4) IDP Auth, 5) GITKit Service (Auth Engine, password db), 6) Post-login account chip]
    • GITKit v3 UX Walkthrough: Account Management Widget
    • GITKit Deployment - Overview
        1. Register at the Google Developer Console
        2. Modify your session management
        3. Provide 4 endpoints: Callback, Home, Signout, and Lost-password
            a. Home and Sign-out are easy.
            b. Callback is just a one-line branch to GITKit handler code.
            c. Lost-password is hard.
        4. Customize the GITKit UI
        5. Migrate your users and accounts
    • GITKit Session Management - Basic
        ● You have to retrieve & validate the GITKit cookie; easy with a JWT library.
        ● When your session is invalid, check the GITKit cookie and if it's valid, load up a new session from it.
        ● If you notice it's a new user, use GITKit APIs to retrieve whatever information GITKit has on that user.
    • GITKit Session Management - Advanced
        You can use GITKit to check if a multiply-logged-in user has changed their password in another session.
        1. Maintain a global per-user last-password-change timestamp.
        2. Whenever the GITKit cookie changes, retrieve last-password-change and update the timestamp. Also, extract and remember the timestamp of the cookie itself.
        3. For each transaction, check the GITKit cookie timestamp against the last-password-change timestamp. If it’s earlier, end the session, delete the GITKit cookie, and force re-authorization.
    • Advanced Topics - Lost Password Handling
        GITKit provides a CAPTCHA-protected password-change module. But it requires significant work from you.
        1. Register a “Service Account” for your app in the Developer Console.
        2. When you get the lost-password notification, use the Service-Account flow to get an offline-access token for GITKit.
        3. Use the token to retrieve a one-time code.
        4. Email a special callback URL including the code to the user; when they click it, the flow will complete.
    • What's coming for GITKit
        ● Non-email IDPs starting with Google+ Sign-in
        ● Support for IDPs that offer additional scopes and web widgets that use them
        ● Native library support for Android and iOS including interoperability with libraries from other IDPs
    • Questions? Thanks!
        ● Documentation: Google Search: 'Google Identity Toolkit'
        ● Demo: favcolor.net/gat
        ● Trusted Tester Sign-up: goo.gl/U3w3f
        ● This deck: goo.gl/8pA1v
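
The three steps on the "GITKit Session Management - Advanced" slide, sketched as an added example (not code from the deck or from GITKit). It assumes the cookie's JWT has already been signature-verified by a JWT library and that its timestamp is the standard `iat` claim; `Session`, `PasswordChangeGuard` and the `fetch_last_change` callback standing in for the GITKit lookup are hypothetical names.

```python
from dataclasses import dataclass
from typing import Callable, Dict

@dataclass
class Session:
    user_id: str
    cookie_raw: str = ""       # last GITKit cookie value seen in this session
    cookie_issued_at: int = 0  # timestamp extracted from that cookie (step 2)
    active: bool = True

class PasswordChangeGuard:
    def __init__(self, fetch_last_change: Callable[[str], int]):
        self._fetch = fetch_last_change        # hypothetical stand-in for the GITKit lookup
        self.last_change: Dict[str, int] = {}  # step 1: global, per user, shared by all sessions

    def on_cookie(self, session: Session, cookie_raw: str, claims: dict) -> None:
        """Step 2: call with verified claims; acts only when the cookie changed."""
        if cookie_raw == session.cookie_raw:
            return
        issued_at = claims.get("iat")  # assumption: the token carries the JWT "iat" claim
        if not isinstance(issued_at, int):
            raise ValueError("token has no usable timestamp; treat as unauthenticated")
        session.cookie_raw, session.cookie_issued_at = cookie_raw, issued_at
        known = self.last_change.get(session.user_id, 0)
        self.last_change[session.user_id] = max(known, self._fetch(session.user_id))

    def check(self, session: Session) -> str:
        """Step 3: call on every transaction."""
        if not session.active:
            return "reauth"
        if session.cookie_issued_at < self.last_change.get(session.user_id, 0):
            session.active = False   # end the session
            session.cookie_raw = ""  # caller must also delete the browser cookie
            return "reauth"
        return "ok"

def demo() -> tuple:
    # Constructed scenario: one user, two sessions, password changed at t=2000 on the phone.
    changes = {"u1": 0}
    guard = PasswordChangeGuard(lambda uid: changes[uid])
    laptop, phone = Session("u1"), Session("u1")
    guard.on_cookie(laptop, "cookie-A", {"iat": 1000})
    guard.on_cookie(phone, "cookie-B", {"iat": 1000})
    before = (guard.check(laptop), guard.check(phone))
    changes["u1"] = 2000
    guard.on_cookie(phone, "cookie-C", {"iat": 2000})  # new cookie issued after the change
    after = (guard.check(laptop), guard.check(phone))
    return before, after
```

The laptop session is cut off on its next transaction even though its own cookie never changed, because the per-user timestamp is shared across sessions.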