[OpenID] Google+ and Unique Identifiers -- different again?

Andrew Arnott andrewarnott at gmail.com
Sat Jul 2 15:58:32 UTC 2011 

I'm amazed that Google did this, but would be shocked if they did it
deliberately.  Here's what I got from a test RP when trying to log in using
my http://profiles.google.com/andrewarnott identifier:

The OpenID Provider issued an assertion for an Identifier whose
discovery information did not match.
Assertion endpoint info:
ClaimedIdentifier: https://profiles.google.com/114635397638720587251
ProviderLocalIdentifier: https://profiles.google.com/114635397638720587251
ProviderEndpoint: https://www.google.com/accounts/o8/ud?source=profiles
OpenID version: 2.0
Service Type URIs:
Discovered endpoint info:
[{
	ClaimedIdentifier: https://plus.google.com/114635397638720587251
	ProviderLocalIdentifier: https://plus.google.com/114635397638720587251
	ProviderEndpoint: https://www.google.com/accounts/o8/ud?source=profiles
	OpenID version: 2.0
	Service Type URIs:
		http://specs.openid.net/auth/2.0/signon
		http://openid.net/srv/ax/1.0
		http://specs.openid.net/extensions/ui/1.0/mode/popup
		http://specs.openid.net/extensions/ui/1.0/icon
		http://specs.openid.net/extensions/pape/1.0
},]

So Google has some messed up server/user config as it is -- let's just hope
when they fix it, they make both the old and the new world work.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Sat, Jul 2, 2011 at 8:41 AM, Peter Watkins <peterw at tux.org> wrote:

> On Fri, Jul 01, 2011 at 08:48:29PM -0700, Johannes Ernst wrote:
> > It seems Google has changed their unique identifiers for people again.
> >
> > Apparently I'm now:
> >       https://plus.google.com/104555285104903729468
> > as opposed to
> >       http://profiles.google.com/Johannes.Ernst
> > and so many other variations over the years.
>
> Someone from Google, please chime in!
>
> I run an RP site and Google is the most popular OP for the the
> users who choose to use OpenID instead of setting up "local" accounts,
> so this could be a significant problem for us. Most of our Google
> users get those ugly random per-RP identifiers, but a fair number
> have "profiles" identifiers. So even if this only affects "profiles"
> identifiers, a change like this is going to deny Google users access
> to the resources to which they are entitled.
>
> -Peter
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20110702/91c87baf/attachment.html>

More information about the general mailing list