No. There are many vendors who support OpenID as well as open source tools. The accountchooser.com site also has information on how a site can build its own account chooser.
Google has created a few websites that demonstrate log in systems which use an account chooser to support identity providers based on federated login techniques such as OpenID.
openidsamplestore.com/basic: Only supports identity providers that are email providers. This requires much less work by the website owner then the next demo.
Also try the mobile login experience
openidsamplestore.com/advanced: Supports identity providers who are not always the user's email provider. These types of identity provider require much more work by the website as described below.
openidsamplestore.com/social: Extends the advanced demo to also support a local social graph on the site that allows users to follow people they find on the site, and to bring in their friends from their social network. Note: This demos social features can be slow, so sometimes you need to a wait a few minutes or just try again/
Frequently Asked Questions
What features of the site are interesting to test?
Here are videos of basic scenarios, and you can try out these scenarios yourself on the live website.
An overview of an account chooser Note: video needs to be updated to use the demo OpenCart basic site
An existing user on the site upgrading to OpenID Note: video needs to be updated to use the new OpenCart basic site
A new user registering for the site with OpenID using a button or by just using their email address Note: video needs to be updated to use the new OpenCart basic site
Using the website’s mobile app (to download the mobile app yourself, search the Android Marketplace for openid and you should see it listed). The mobile app was built using this industry technique. Note: video needs to be updated to use the new OpenCart basic site and new Android app. Should also have a video of the iphone app. And the technique article needs a pointer to open source code locations.
How does the advanced demo work for identity providers who are not E-mail providers, such as social networks?
The hardest part about designing the advanced site was to find a way to handle all the edge-cases that can happen with these types of identity providers. Google previously published a summary of best-practices for account-linking that describes why these types of identity providers are so much harder to support. However this demo provides a user self-service mechanism for all the tricky cases to avoid the costs that a website might otherwise occur if those users contact a customer support representative. It is based on this summary of the logic for complex IDPs. Note: need to update that summary with a pointer to the open source code.
Here are videos of advanced scenarios, and you can try out these scenarios yourself on the live website: Note: all these videos need to be updated to use the new OpenCart advanced site. Not sure if I should use Google as the IDP or a social network. If I use Google, the videos need to explain why Google is a mixed provider and that not all Google accounts are gmail accounts.
An existing user on the site linking their account to an identity provider
A new user registering for the site by using the button of an identity provider or by just using their email address
A user who changes their email address on their identity provider and the really hard edge case where the new email address matches a second existing account on the site
How were the websites built?
They were built by taking a popular e-commerce website package, OpenCart, and then extending the login system using the Google Identity Toolkit. That toolkit is designed to help any website use an account chooser with identity providers.
Does a website have to use the Google Identity Toolkit to support this user experience?
Where can I send feedback/questions about the sample site?
Send email to openidsamplestore@googlegroups.com or view the archives of that mailing list
.
My identity provider is automatically logging me into the sample site. How do I see the OpenID consent page again?
Most identity providers have a page in their account settings which allows a user to control the set of websites that they will be logged into automatically. Below are links to those pages for some identity providers:
Yahoo Account Settings for OpenID
Google Account Settings for OpenID
I created an OpenID enabled account on the sample site. How do I change the account to use a password instead?
Click the Account tab and login. On the account management page click the “Change to legacy login” option to remove the OpenID association and add a password.
I created an account on the sample site. How do I delete it so I can try the account creation flow again?
Click the Account tab and login. On the account management page click the “Remove self from database.”
I keep forgetting where to find this FAQ, is there an easier way to find it?
Go to openidsamplestore.com
Some of the sample videos use a gmx.com e-mail address as an example of an email that is not directly OpenID enabled. But doesn't GMX support OpenID?
Yes, GMX supports OpenID. However they are not one of the identity providers supported in the current sample site. We hope to add support for other OpenID enabled email providers in the future, including GMX.
Eric Sachs
Product Manager