Your SlideShare is downloading. ×
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

247

Published on

Adam Dawes, Product Manager, Google …

Adam Dawes, Product Manager, Google
Jonathan Beri, Developer Advocate, Google
There’s never been a better time to become a relying party, and Google offers two tools to help developers do just that. Google Identity Toolkit makes it easy for a site to outsource its authentication system (including password login) and become a relying party to the most popular identity providers. Google+ Sign-In can create more engaging experiences in your app and drive more usage across devices.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
247
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Google Confidential and Proprietary So you want to be a Relying Party: Google Identity Toolkit v3 Adam Dawes July 9, 2013 http://goo.gl/8pA1v
  • 2. Google Confidential and Proprietary Google Identity Toolkit ● Challenges to getting out of the password business ● GITKit v3 Overview and UX walkthrough ● GITKit v3 Deployment ● What's coming
  • 3. Google Confidential and Proprietary Challenge #1: I don't know how to get rid of my password db
  • 4. Google Confidential and Proprietary Challenge #2: I need a complete solution for both passwords and IDPs
  • 5. Google Confidential and Proprietary Challenge #3: I don't know how to 'slow roll' conversion to IDP sign-in
  • 6. Google Confidential and Proprietary Challenge #4: I'm afraid NASCAR UX will confuse users
  • 7. Google Confidential and Proprietary GITKit v3 Key Features ● Migrate passwords to hosted authentication service ● Single integration point for multiple email IDPs and passwords ● Fine-grained controls for password to IDP conversion ● Streamlined login and new account UX without NASCAR ● Account management widgets ● Detection of security event in multi-session scenarios
  • 8. Google Confidential and Proprietary GITKit provides a complete auth solution across passwords and multiple IDPs Auth Engine Password Store GITKit ID Token Legacy passwords GITKit APIs Login GITKit
  • 9. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Login
  • 10. Google Confidential and Proprietary Account Chooser ● Addresses the NASCAR problem by initiating login with an “account hint” ● Privacy-preserving HTML5 app with all accounts stored locally
  • 11. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Sign Up
  • 12. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password to IDP Account Conversion
  • 13. Google Confidential and Proprietary Incrementally roll out IDP support to password users Configure and roll out usage of selected IDPs
  • 14. Google Confidential and Proprietary GITKit v3 UX Walkthrough: IDP Sign Up
  • 15. 1) Sign-in button 2) Account Chooser 3) Password Entry/ Sign-up widgets 2Aii 2Ai, 2Aiii 2B password db 5) GITKit Service 5A 5B Auth Engine 4) IDP Auth 6) Post-login account chip 3A, 3C 3B 2Aiv 3D
  • 16. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Account Management Widget
  • 17. Google Confidential and Proprietary GITKit Deployment - Overview 1. Register at the Google Developer Console 2. Modify your session management 3. Provide 4 endpoints: Callback, Home, Signout, and Lost-password a. Home and Sign-out are easy. b. Callback is just a one-line branch to GITKit handler code. c. Lost-password is hard. 4. Customize the GITKit UI 5. Migrate your users and accounts
  • 18. Google Confidential and Proprietary GITKit Session Management - Basic ● You have to retrieve & validate the GITKit cookie; easy with a JWT library. ● When your session is invalid, check the GITKit cookie and if it's valid, load up a new session from it. ● If you notice it's a new user, use GITKit APIs to retrieve whatever information GITKit has on that user.
  • 19. Google Confidential and Proprietary GITKit Session Management - Advanced You can use GITKit to check if a multiply-logged-in user has changed their password in another session. 1. Maintain a global per-user last-password-change timestamp. 2. Whenever the GITKit cookie changes, retrieve last-password- change and update the timestamp. Also, extract and remember the timestamp of the cookie itself. 3. For each transaction, check the GITKit cookie timestamp against the last-password-change timestamp. If it’s earlier, end the session, delete the GITKit cookie, and force re-authorization.
  • 20. Google Confidential and Proprietary Advanced Topics - Lost Password Handling GITKit provides a CAPTCHA-protected password-change module. But it requires significant work from you. 1. Register a “Service Account” for your app in the Developer Console. 2. When you get the lost-password notification, use the Service- Account flow to get an offline-access token for GITKit. 3. Use the token to retrieve a one-time code. 4. Email a special callback URL including the code to the user; when they click it, the flow will complete.
  • 21. Google Confidential and Proprietary What's coming for GITKit ● Non-email IDPs starting with Google+ Sign-in ● Support for IDPs that offer additional scopes and web widgets that use them ● Native library support for Android and iOS including interoperability with libraries from other IDPs
  • 22. Google Confidential and Proprietary Questions? Thanks! Documentation Google Search: 'Google Identity Toolkit' Demo favcolor.net/gat Trusted Tester Sign-up goo.gl/U3w3f This deck goo.gl/8pA1v

×