Google Confidential and Proprietary
So you want to be a
Relying Party:
Google Identity Toolkit v3
Adam Dawes
July 9, 2013
...
Google Confidential and Proprietary
Google Identity Toolkit
● Challenges to getting out of the password business
● GITKit ...
Google Confidential and Proprietary
Challenge #1:
I don't know how to get rid of my password db
Google Confidential and Proprietary
Challenge #2:
I need a complete solution for both passwords and IDPs
Google Confidential and Proprietary
Challenge #3:
I don't know how to 'slow roll' conversion to IDP sign-in
Google Confidential and Proprietary
Challenge #4:
I'm afraid NASCAR UX will confuse users
Google Confidential and Proprietary
GITKit v3 Key Features
● Migrate passwords to hosted authentication service
● Single i...
Google Confidential and Proprietary
GITKit provides a complete auth solution across passwords
and multiple IDPs
Auth Engin...
Google Confidential and Proprietary
GITKit v3 UX Walkthrough:
Password Login
Google Confidential and Proprietary
Account Chooser
● Addresses the NASCAR problem by
initiating login with an “account hi...
Google Confidential and Proprietary
GITKit v3 UX Walkthrough:
Password Sign Up
Google Confidential and Proprietary
GITKit v3 UX Walkthrough:
Password to IDP Account Conversion
Google Confidential and Proprietary
Incrementally roll out IDP support to password users
Configure and
roll out usage of
s...
Google Confidential and Proprietary
GITKit v3 UX Walkthrough:
IDP Sign Up
1) Sign-in button 2) Account Chooser
3) Password Entry/
Sign-up widgets
2Aii
2Ai, 2Aiii
2B
password
db
5) GITKit Service
5...
Google Confidential and Proprietary
GITKit v3 UX Walkthrough:
Account Management Widget
Google Confidential and Proprietary
GITKit Deployment - Overview
1. Register at the Google Developer Console
2. Modify you...
Google Confidential and Proprietary
GITKit Session Management - Basic
● You have to retrieve & validate the GITKit cookie;...
Google Confidential and Proprietary
GITKit Session Management - Advanced
You can use GITKit to check if a multiply-logged-...
Google Confidential and Proprietary
Advanced Topics - Lost Password Handling
GITKit provides a CAPTCHA-protected password-...
Google Confidential and Proprietary
What's coming for GITKit
● Non-email IDPs starting with Google+ Sign-in
● Support for ...
Google Confidential and Proprietary
Questions?
Thanks!
Documentation
Google Search: 'Google Identity Toolkit'
Demo
favcolo...
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In
Upcoming SlideShare
Loading in …5
×

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

418
-1

Published on

Adam Dawes, Product Manager, Google
Jonathan Beri, Developer Advocate, Google
There’s never been a better time to become a relying party, and Google offers two tools to help developers do just that. Google Identity Toolkit makes it easy for a site to outsource its authentication system (including password login) and become a relying party to the most popular identity providers. Google+ Sign-In can create more engaging experiences in your app and drive more usage across devices.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
418
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

  1. 1. Google Confidential and Proprietary So you want to be a Relying Party: Google Identity Toolkit v3 Adam Dawes July 9, 2013 http://goo.gl/8pA1v
  2. 2. Google Confidential and Proprietary Google Identity Toolkit ● Challenges to getting out of the password business ● GITKit v3 Overview and UX walkthrough ● GITKit v3 Deployment ● What's coming
  3. 3. Google Confidential and Proprietary Challenge #1: I don't know how to get rid of my password db
  4. 4. Google Confidential and Proprietary Challenge #2: I need a complete solution for both passwords and IDPs
  5. 5. Google Confidential and Proprietary Challenge #3: I don't know how to 'slow roll' conversion to IDP sign-in
  6. 6. Google Confidential and Proprietary Challenge #4: I'm afraid NASCAR UX will confuse users
  7. 7. Google Confidential and Proprietary GITKit v3 Key Features ● Migrate passwords to hosted authentication service ● Single integration point for multiple email IDPs and passwords ● Fine-grained controls for password to IDP conversion ● Streamlined login and new account UX without NASCAR ● Account management widgets ● Detection of security event in multi-session scenarios
  8. 8. Google Confidential and Proprietary GITKit provides a complete auth solution across passwords and multiple IDPs Auth Engine Password Store GITKit ID Token Legacy passwords GITKit APIs Login GITKit
  9. 9. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Login
  10. 10. Google Confidential and Proprietary Account Chooser ● Addresses the NASCAR problem by initiating login with an “account hint” ● Privacy-preserving HTML5 app with all accounts stored locally
  11. 11. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password Sign Up
  12. 12. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Password to IDP Account Conversion
  13. 13. Google Confidential and Proprietary Incrementally roll out IDP support to password users Configure and roll out usage of selected IDPs
  14. 14. Google Confidential and Proprietary GITKit v3 UX Walkthrough: IDP Sign Up
  15. 15. 1) Sign-in button 2) Account Chooser 3) Password Entry/ Sign-up widgets 2Aii 2Ai, 2Aiii 2B password db 5) GITKit Service 5A 5B Auth Engine 4) IDP Auth 6) Post-login account chip 3A, 3C 3B 2Aiv 3D
  16. 16. Google Confidential and Proprietary GITKit v3 UX Walkthrough: Account Management Widget
  17. 17. Google Confidential and Proprietary GITKit Deployment - Overview 1. Register at the Google Developer Console 2. Modify your session management 3. Provide 4 endpoints: Callback, Home, Signout, and Lost-password a. Home and Sign-out are easy. b. Callback is just a one-line branch to GITKit handler code. c. Lost-password is hard. 4. Customize the GITKit UI 5. Migrate your users and accounts
  18. 18. Google Confidential and Proprietary GITKit Session Management - Basic ● You have to retrieve & validate the GITKit cookie; easy with a JWT library. ● When your session is invalid, check the GITKit cookie and if it's valid, load up a new session from it. ● If you notice it's a new user, use GITKit APIs to retrieve whatever information GITKit has on that user.
  19. 19. Google Confidential and Proprietary GITKit Session Management - Advanced You can use GITKit to check if a multiply-logged-in user has changed their password in another session. 1. Maintain a global per-user last-password-change timestamp. 2. Whenever the GITKit cookie changes, retrieve last-password- change and update the timestamp. Also, extract and remember the timestamp of the cookie itself. 3. For each transaction, check the GITKit cookie timestamp against the last-password-change timestamp. If it’s earlier, end the session, delete the GITKit cookie, and force re-authorization.
  20. 20. Google Confidential and Proprietary Advanced Topics - Lost Password Handling GITKit provides a CAPTCHA-protected password-change module. But it requires significant work from you. 1. Register a “Service Account” for your app in the Developer Console. 2. When you get the lost-password notification, use the Service- Account flow to get an offline-access token for GITKit. 3. Use the token to retrieve a one-time code. 4. Email a special callback URL including the code to the user; when they click it, the flow will complete.
  21. 21. Google Confidential and Proprietary What's coming for GITKit ● Non-email IDPs starting with Google+ Sign-in ● Support for IDPs that offer additional scopes and web widgets that use them ● Native library support for Android and iOS including interoperability with libraries from other IDPs
  22. 22. Google Confidential and Proprietary Questions? Thanks! Documentation Google Search: 'Google Identity Toolkit' Demo favcolor.net/gat Trusted Tester Sign-up goo.gl/U3w3f This deck goo.gl/8pA1v
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×