Skip to main content
 

Embeds United!

I'm somewhat alarmed that there really isn't a "Life of a Widget/Embed" that has best practices on how to embed Google Content on third party sites.

Has anyone tackled this before? Obviously +1, adsense, youtube, maps, analytics and others all use their own mechanisms.

Is it time to consider deploying common infrastructure for these use cases? Especially for systems that require the ability to identify a Google user?

So here's my proposal.

* Use oauth2 semantics everywhere: tokens and api requests.
* Use a single bootstrap system to identify js domain, collect API keys as needed.
* Generate two new types of OAuth tokens that do not contain user info.
- 'Anonymous-by-domain'
- 'Anonymous-by-domain-by-api-key'
* Allow an account widget that can move you from anonymous -> identified -> authorized. (including multilogin, signin and account registration)

If all the various embeds used this common system we'd have a way to enable personalization on third party sites more easily and provide a clear way to go beyond.

Am I barking up the wrong tree?