Federated (OpenID) Login on Google Apps
Google provides a handy hybrid solution for single-sign-on + access authorisation for Google Apps with Federated Login — which is a combination of OpenID and OAuth.
Looking at Google’s OpenID documentation, we note that certain parameters are required to send an authentication request to Google in order for the user to log in using the service. (Steps 5 and 6 below.)

One of the parameters required in the auth request URL is the “return_to” parameter. Importantly, this parameter is both required and must point to a currently valid domain. This means that if you’re doing development internally, setting the “return_to” parameter to testing, or localhost, or similar, will cause the request to fail with a sufficiently cryptic “The page you requested is invalid.” Even attempting to have the return sent to a port other than 80, e.g. http://my.valid.domain:8080, will also cause the request to fail.
Unfortunately, all these requirements seem to have been assumed, and not documented on Google’s site.
A trick!
One trick to get around this no-local-testing conundrum is to set the return_to parameter to a subdomain (or otherwise) of a valid domain, e.g. http://testing.my.valid.domain, and then set that address in /etc/hosts to point to your testing server.
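A pre-flight check for the failure cases above, plus the /etc/hosts line for the trick, as an added example (not code from Google or from the original post). The endpoint URL, the callback path and the 192.0.2.10 address are constructed placeholders, the function names are hypothetical, and the "valid domain" test is only a local heuristic; the parameter names are the standard OpenID 2.0 ones.

```python
import ipaddress
from urllib.parse import urlsplit, urlencode

OPENID_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID_NS + "/identifier_select"

def return_to_problems(return_to):
    """List reasons this return_to would hit the failures described above."""
    parts = urlsplit(return_to)
    host = parts.hostname or ""
    problems = []
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    try:
        ipaddress.ip_address(host)
        problems.append("host is an IP address, not a domain")
    except ValueError:
        # Heuristic only: single-label names (testing, localhost) are not public domains.
        if host == "localhost" or "." not in host:
            problems.append("host is not a fully qualified public domain")
    if parts.port not in (None, 80):
        problems.append("explicit port other than 80")
    return problems

def build_auth_url(endpoint, return_to):
    """Build an OpenID 2.0 checkid_setup request, refusing a bad return_to."""
    problems = return_to_problems(return_to)
    if problems:
        raise ValueError("; ".join(problems))
    parts = urlsplit(return_to)
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": f"{parts.scheme}://{parts.netloc}/",
    }
    return endpoint + "?" + urlencode(params)

def hosts_line(return_to, test_server_ip):
    """The /etc/hosts entry that sends the return_to host to the test server."""
    return f"{test_server_ip}\t{urlsplit(return_to).hostname}"

if __name__ == "__main__":
    rt = "http://testing.my.valid.domain/openid/return"  # constructed callback path
    print(build_auth_url("https://openid-provider.example/auth", rt))  # placeholder endpoint
    print(hosts_line(rt, "192.0.2.10"))  # constructed test-server address
```

The hosts entry belongs on the machine whose browser follows the redirect back from Google, since that is where testing.my.valid.domain gets resolved.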