Google has created a few websites that demonstrate log in systems which use an account chooser to support identity providers based on federated login techniques such as OpenID.
Frequently Asked Questions
What features of the site are interesting to test?
Here are videos of basic scenarios, and you can try out these scenarios yourself on the live website.
The hardest part about designing the advanced site was to find a way to handle all the edge-cases that can happen with these types of identity providers. Google previously published a summary of best-practices for account-linking that describes why these types of identity providers are so much harder to support. However this demo provides a user self-service mechanism for all the tricky cases to avoid the costs that a website might otherwise occur if those users contact a customer support representative. It is based on this summary of the logic for complex IDPs. Note: need to update that summary with a pointer to the open source code.
Here are videos of advanced scenarios, and you can try out these scenarios yourself on the live website: Note: all these videos need to be updated to use the new OpenCart advanced site. Not sure if I should use Google as the IDP or a social network. If I use Google, the videos need to explain why Google is a mixed provider and that not all Google accounts are gmail accounts.
How were the websites built?
They were built by taking a popular e-commerce website package, OpenCart, and then extending the login system using the Google Identity Toolkit. That toolkit is designed to help any website use an account chooser with identity providers.
Does a website have to use the Google Identity Toolkit to support this user experience?
No. There are many vendors who support OpenID as well as open source tools. The accountchooser.com site also has information on how a site can build its own account chooser.
Where can I send feedback/questions about the sample site?
Send email to email@example.com or view the archives of that mailing list
My identity provider is automatically logging me into the sample site. How do I see the OpenID consent page again?
Most identity providers have a page in their account settings which allows a user to control the set of websites that they will be logged into automatically. Below are links to those pages for some identity providers:
I created an OpenID enabled account on the sample site. How do I change the account to use a password instead?
Click the Account tab and login. On the account management page click the “Change to legacy login” option to remove the OpenID association and add a password.
I created an account on the sample site. How do I delete it so I can try the account creation flow again?
Click the Account tab and login. On the account management page click the “Remove self from database.”
I keep forgetting where to find this FAQ, is there an easier way to find it?
Go to openidsamplestore.com
Some of the sample videos use a gmx.com e-mail address as an example of an email that is not directly OpenID enabled. But doesn't GMX support OpenID?
Yes, GMX supports OpenID. However they are not one of the identity providers supported in the current sample site. We hope to add support for other OpenID enabled email providers in the future, including GMX.