I have a site that uses OpenID for Google authentication right now. What would be the best way to transition to G+ authentication and phase out the OpenID authentication?
one plus one
Shared publicly•View activity
- May 16, 2013
- Gus Class (Gus)Moderator+1has done this on his sites before. If I recall correctly, they replaced their existing flow with the new flow: sign-in button with hybrid/one-time-code flow. You replace your existing access/refresh tokens with the ones minted from the new flow (look the user up by ID) and then you get all the goodness of the new sign-in button features.May 16, 2013
- It depends if you're willing to ask for email permissions on the new oAuth flow. That will make it easy to link the two accounts - you can just switch right now to oAuth and once user authenticates, link the account with the account having the same o8 ID.
Since I chose not to ask for email, I built an !IMPORTANT! notification when user logs in via o8, to take them through the oAuth flow, so the server recognises the two accounts are linked and I eventually could ditch the o8s. Did this for 2 months before closing down the o8s.
The tricky part is you can no longer just show a single Google button for login or signup. Because you don't know in advance if the user is o8 or oAuth (user obviously doesn't know if they are o8 or OAuth, so you can't ask them). So I had to split out "login" and "sign up" areas, including for non-Google mechanisms. Then in login area, prompted user for their email or login, make an xhr call to detect whether that account is using o8 or oAuth, and show the corresponding button (the button is just a Google button, looks the same either way but the link will be different for o8 vs oAuth).
I did this for a couple months before deprecating o8 and returning to the nicer single Google button setup. And just manually merged the accounts when a few users asked me why the Google button is not getting them back to their old account.May 16, 2013
- I would be asking for email permissions. Thanks!May 16, 2013
- could you blog or post that somewhere with a reshareable permalink? ThanksJul 27, 2013
- Jul 28, 2013