Fix for Google Federated Login API

If you noticed that Google Federated Login stopped working for your service because a verification request (openid.mode:check_authentication) fails, then most probably it is because of recent changes on Google's side. I wasn't able to find more information on this than this post by a Google employee (?) on Google Groups.

If your service is built on Java and you use openid4java for OpenID, then login attempts with Google most probably now fail with the error:

Verification failed for: https://www.google.com/accounts/o8/id?id=xxx reason: Direct signature verification failed.

To fix this, you need to reset assoc_handle on your request to Google. To do this, just after you create the AuthRequest, set its handle to an empty string (not null!).

// Create the authentication request as usual.
AuthRequest authReq = manager.authenticate(discovered, "http://example.com/login/openid");
// Reset assoc_handle: it must be the empty string, not null.
authReq.setHandle("");

One thought on “Fix for Google Federated Login API”

  1. Fantastic post. I was struggling with this one but your post helped me fix it quick and easy.
