Industry Leaders Lead: Google Asks Developers to Migrate from OpenID 2.0 to OpenID Connect 1


In 2015, waves of disruption are coursing through the Internet identity ecosystem as standard development organizations, companies and governments look to bolster the security and privacy of the information they are charged with protecting.

Implementing the latest open standards is one of the many practical steps identity providers and relying parties can take now to secure the identities of people accessing websites and apps. Industry leaders like Google are adopting the OpenID Connect protocol and migrating away from OpenID 2.0 to enable better privacy controls and stronger authentication. Released last year, OpenID Connect helps website and application developers get out of the business of storing and managing passwords – especially in the face of the increasing attacks that have compromised the identities of hundreds of millions of people worldwide.

Google recently announced to its developer ecosystem that they should migrate to OpenID Connect by April 20, 2015, the deadline when OpenID 2.0 will no longer work for Google Accounts.

Along with Google, other OpenID Foundation members including Microsoft, Salesforce, Ping Identity, and ForgeRock as well as companies such as Amazon, are adopting and deploying OpenID Connect. This is a signal to organizations worldwide that the tide is turning in the fight against identity theft and cybercrime. OpenID Connect will increase the security of the whole Internet by putting the responsibility for user identity verification in the hands of the most expert service providers.

For questions and information on OpenID Connect please turn to the following resources:


Leave a comment

Your email address will not be published. Required fields are marked *

One thought on “Industry Leaders Lead: Google Asks Developers to Migrate from OpenID 2.0 to OpenID Connect

  • Damian Yerrick

    One difference I’ve found with OpenID Connect is that each relying party needs to obtain a client ID/secret pair from each provider. Not only is this an N^2 problem, but it’s not even automatic, as key providers are declining to implement Dynamic Client Registration.