Concept of Google Credential Provider for Windows

According to a new project uploaded to the Chromium team's code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a "Google Credential Provider" that will allow Windows to authenticate enterprise users against their company's G Suite account and possibly regular Google accounts.

Windows uses credential providers to authenticate users when they login to Windows and ships with standard providers such as authentication using passwords, Windows Hello, a smart card, or a PIN. Third-party developers can also create their own credential provider and register it with Windows so users can login using a third-party authentication process.

In this case, the Google Credential Provider appears to allow users to login using Google Accounts and ID Administration (GAIA) ids created by G Suite administrators. GAIA is Google authentication and authorization system that provides users with access to various Google services.

Adding this feature will allow Google to further penetrate the Enterprise market by integrating Windows 10 directly into their G Suite platform.

Google Credential Provider for Windows

This new provider was spotted yesterday after it was uploaded to the Chromium Gerrit site, which is used by Chromium devs to perform peer code review. Titled "Google Credential Provider for Windows", this project is part of Chromium and is being developed by Chromium dev Roger Tawa.

Google Credential Provider for Windows Project

When BleepingComputer reached out to Tawa regarding this new feature he told us "There isn't much more for me to add on top of the CL description". With little information available from the developer and only a title to go on, we took a dive into the source to try and figure out what this project will do.

According to the source, the Google Credential Provider will be installed through a setup executable named gcp_installer.exe. This executable will include the gcp_setup.exe, startchromeonfirstlogin.cmd, gaia1_0.dll, and gcp_eventlog_provider.dll files. This setup executable will have a description of "Google Credential Provider installer".

Setup File Information

When the installer is launched it will register the Google credential provider dll, gaia1_0.dll, at the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{0B5BFDF0-4594-47AC-940A-CFC69ABC561C} Registry key. It will also configure Chrome to launch automatically when the user logs in for the first time by adding a link to the startchromeonfirstlogin.cmd file into the user's Startup folder.

Start Chrome on First Logon

On the next reboot, the provider should now be available as an additional sign-in option. You can see an example of what it may look like in the mock up below.

Concept of Google Credential Provider for Windows

When a user logs in with their GAIA ID, the credential provider will authenticate the user using Google's OAuth 2.0 api. If the credentials are correct, the provider will automatically log the user into their profile or create a new one.

While Chrome appears to be required for the authentication process, it is unknown why it is necessary. BleepingComputer has asked Tawa and Google's PR team why Chrome is required, but they are not ready to provide any more information at this point. If there is anything I missed in the source code, feel free to shoot me a message and I will get the article updated.

Furthermore, as this feature is still in the code review process, the whole feature may be scrapped or the names, filenames, other information may change. For now, though, it is definitely an interesting project to keep an eye on.