Hybrid: Plaxo and Google collaborate on improved OpenID and OAuth user experience

Hybrid (photo by Burning Image)

Hybrid (photo by Burning Image)

Late last week, Plaxo and Google unveiled an implementation – currently in limited testing mode – of OpenID and OAuth working together to create an improved user experience. In essence, the implementation affects Gmail users receiving invites to join Plaxo Pulse. They call this a “hybrid approach” and I think it will have a significant impact as it significantly simplifies the flow.

Plaxo created a custom landing page, based on knowing that the user received the invite at a gmail address, which means that the user has a google account, which means that the user also has an OpenID. (It wasn’t clear to me if the landing page is triggered by a query string parameter or wholly different url embedded in the invite itself, or by a referrer check or the like).

Given that knowledge, the landing page offers just two choices: one big button labeled “Sign up with my Google Account” and a non-graphic link which says “Or, use another address.”

If the user clicks “Sign up with my Google Account,” they get the optimized flow, and get a consent page served by Google which tells the user what they are being asked to consent to, including their gmail address and a request to allow Plaxo to access their Google contacts.

What’s great about it is that when the user accepts, they’ve used OpenID to authenticate to Plaxo based on their Google Account, and they’ve used OAuth to authorize Plaxo to access their Google contacts – but the process never mentions either standard. It’s two great things which are even better working together, and it creates a better user experience.

Technology, like design, is at its best when it disappears.

Peanut Butter Cup Heart (photo by Bob Fornal).

Peanut Butter Cup Heart (photo by Bob Fornal)

Of course, similar kinds of behavior can be accomplished through Facebook connect – but the difference in this case is that both Plaxo and Google are big supporters of the concept of the “open stack.” All the technologies involved are open, in the sense that they can be implemented by any party (and in fact have associated open source libraries in multiple languages to ease that implementation). To top it off, the whole implementation itself is being released as an open source project called step2.

This means that the same approach – requesting an OAuth token (access to some particularly scoped functionality, like Google contacts access in this example) as part of an OpenID authentication exchange – can be (and most certainly will be) used by Plaxo with other webmail providers, by Google with other social networks / membership sites, and in contexts where neither Google nor Plaxo have any involvement.

For more info:

Did you like this? Share it:
2 Comments. Leave a comment or send a Trackback.
  1. #1 • Bill said on April 7 2011:

    I think you’re bang on with the statement…

    “Technology, like design, is at its best when it disappears”

    Unfortunately, the ego of the designer and inventor many times crave the attention of people applauding their brilliant work.

    But if you want to get any real user traction and uptake on something, make it super easy for them to use and the world may literally beat a path to your door.

  2. #2 • Isabelle Long said on April 15 2011:

    Looking back and with the benefit of hindsight we have right now, did this collaboration of Plaxo and Google a boon or bane for users?