Last month, Facebook announced that users would soon be able to log in to the site via OpenID. Today, Facebook has officially become an OpenID relying party: users can now register for Facebook using their Gmail accounts and any OpenID provider that supports automatic login. As such, Facebook has become the largest OpenID relying party on the web.
Now, once users link their Facebook account to a Gmail address (or OpenID URL), they’ll be automatically logged in when they go to Facebook after having logged into that service. Facebook says that in its user testing so far, users who register through OpenID actually get engaged with Facebook more quickly than others.
“In tests we’ve run, we’ve noticed that first-time users who register on the site with OpenID are more likely to become active Facebook users. They get up and running after registering even faster than before, find their friends easily, and quickly engage on the site. We’ll continue to integrate more OpenID providers into our registration and account linking flows as they support automatic login,” Facebook says.
To link an existing account with a Google or OpenID account, users can go to their Account Settings page and choose an account in the Linked Accounts section. Yahoo and MySpace are also listed here, but a Facebook prompt says “Note that your accounts from Myspace and Yahoo do not allow for automatic login.”
We recently spoke with Facebook engineer Luke Shepard, who represents Facebook on the OpenID Foundation board, to get his perspective on Facebook’s OpenID integration.
Inside Facebook: Luke, why is Facebook integrating OpenID support?
Luke Shepard: The primary motivation for us is to accept OpenID for new users registering for Facebook. For now, that means through Gmail, though more providers will be coming soon. Google released their address book API a few months ago through OpenID, and we’re using that. The response has been pretty positive so far in our user testing.
In addition, for existing users, we’re offering a feature for you to log in automatically if you have an account with an OpenID provider. For example, I have a Gmail account. Every day, I open up my browser and go to Gmail and Facebook, and now you can be automatically logged into Facebook after logging into Gmail.
Which other companies have support coming soon?
Yahoo has been an OpenID provider for over a year and is on the verge of supporting automatic login. Microsoft hasn’t launched as a provider yet, but will sometime. The big three will be covered pretty soon.
What steps did Facebook take to overcome some of the user experience challenges that have hindered OpenID?
One thing we did was we skipped some of the hard part. Probably the most difficult open question in the OpenID community is how do you get a user to register with an OpenID for the first time. We’re skipping that for existing users right now to make sure we get the underlying system working. We’re working on a lot of ideas for how we can present that to the user after we launch – like how to do OpenID login in a popup and keeping users on the page versus sending them off to another site.
We’re a major identity provider with the Facebook Platform and Facebook Connect. We’ve been trying to do a good job on this for apps, and this is a good chance for us to eat our own dogfood with identity and learn what we can do better for apps in the future.
There are very few sites that support the background automatic login in OpenID, but this is a core part of the Facebook Connect experience. Others haven’t done this yet because it’s pretty difficult technically. When designing our OpenID implementation, I was drawing on several Facebook engineers here to learn from how we did various things with Connect. It’s also still rapidly evolving.
Other relying parties will get the cookies, but they’ll usually redirect you to the provider and then you’ll be directed back, but there are a lot of risks with that approach because when you’re a site like us where we’re bigger than almost all the providers we’re going to be using, it’s important for us not to send them off to a site and have a bad experience.
What other designs have you seen that have worked well?
Currently the best approach out there is what Chris Messina has called the “NASCAR” approach (putting a bunch of buttons up for the user to choose). Currently we’re trying to avoid that approach with a couple sidesteps:
- For new users who we know have a Gmail account, we can show them one big Gmail button, and we’d like to expand that to other providers.
- We’re also letting existing accounts link.
Can users log in to sites with Facebook Connect through Gmail and OpenID as well, or just Facebook.com?
Only facebook.com. Right now, we’re trying to get something out to users and figure out what is the smallest set of functionality that we can roll out, because it involves laying a lot of the groundwork from a security perspective. Now that we’ve laid the groundwork there’s a bunch of iterations we can do.
Why have you been such a big internal advocate of OpenID at Facebook?
The company is really big into open standards and open source already from the highest level – Mike Schroepfer came from Mozilla. Basically everything here is open source, like Thrift. It’s not like I’m fighting a battle, I’ve just found that my role is to learn what’s going on in the community and educate what’s going on inside the company.
In the long run, I think we’ll see that open standards are ultimately what win. Part of what we’re trying to figure out is how do we get there and how does our product work with open standards. Using the popup and doing the background approach aren’t things that the OpenID community hasn’t really pushed yet, but they’re core to the Facebook Connect product. We want to try to help incorporate these back into the OpenID community.
Is the OpenID movement good for Facebook?
I think it’s good for Facebook in two ways. First, registration rates: OpenID clearly makes registration easier for users, which is good for growth. Our growth team tries everything, so I think this will increase our growth rate.
Second, if we participate in open standards and help define them and work to have our innovations contributed, it’s ultimately going to lead to a better product than trying to fight them.
What’s your relationship with Google been like working on this?
We’ve been talking with them to make sure it works well, but we were able to get it working with the public API documentation.
Thanks Luke – any final thoughts?
This is still an early version, and not yet a finished product. There should be more iterations soon.