Logging in with Google accounts

[crb]

I looked at the OpenID thread and it seemed that there was interest, but no customer interest, so there wasn't going to be an OpenID authentication provider coming out any time soon.

But now I want one.

Specifically, I want to be able to log in with a Google account at a certain domain, which could be achieved by submitting a username (with no password), checking it is in the format of an email account at a certain domain, and then putting it through the standard process.

This is all well documented on Google's end; I wanted to know if any thought had been put into this, and does anyone want to help me write it (read: implement it from my sexy sexy spec) ?

[rberinger]

I looked at the OpenID thread and it seemed that there was interest, but no customer interest, so there wasn't going to be an OpenID authentication provider coming out any time soon.

But now I want one.

Specifically, I want to be able to log in with a Google account at a certain domain, which could be achieved by submitting a username (with no password), checking it is in the format of an email account at a certain domain, and then putting it through the standard process.

This is all well documented on Google's end; I wanted to know if any thought had been put into this, and does anyone want to help me write it (read: implement it from my sexy sexy spec) ?

At the beginning I was whining hard about Google Account Authentication and integration. If we were able to harness the power of some of the Google Apps that would be awesome. I am a fan of this idea but have no idea how to implement it.

[crb]

I have had a chat with MaxM and roy2k about it on IRC, and have the following notes:

so yea, hack up a hook for an alt login screen that simply redirects to the mindtouch service. that'll do another bounce to google. that'll bounce back to the service which will validate it and log the user in via the api and then redirect back to the UI
^openid for mt summed up

• There's a spec at this page which isn't a spec at all, but might be a good starting place. Once I've had a look at that code and moved it, I will happily write a real spec.
• We would need to use the UI hooks to provide a custom login page (either for a selection of providers, or in my case, just Google).
• Max recommends using Dream to do the auth handshake - I am wondering about DotNetOpenAuth instead
• He further says the service can be completely stateless: 'the token thats send to the auth provider can be generated by that service and can be self validating.. timestamp + salt"

[crb]

Further update: DotNetOpenAuth seems like it might do what we want, but it doesn't currently support Google Apps For Your Domain. I've asked the authors for a possible workaround.