Openid is a great way to let users authenticate themselves against an account they have and trust with another provider. For more information visit Openid.net.
This document discusses the openid implementation on the knarly platform and how administrators can opt in/out of support for openid vs the traditional method of creating a new account.
A user does not neccessarily need to create an account with personal details. E.g. Provide a username or a password, or indeed share their email. They are signed in as a unique anonymous user, their username has not been defined and they will have no identity for which users can communicate. Neither can they recieve messages without first providing an email. So the user must have the ability to create a regular account (omitting a password as they prefer). And keep the unique identity they possessed as an unique anonymous user.
Conversely a regular user must be able to add edit their openid's, sign in with an openid and then into their regular account to associate the two.
Initial Login
A few suggestions on how to best provide a clean login which accomodates both coventional username:password and openid logins.
- Provide a link with "login with openid" or represent with the
for a more discreet login. - Create an omni username / openid box whereby the user may start typing http:// and use behaviours to thus determine whether the password box is required. Note: Facebook nor Google use bespoke urls, thus a button is required, for users to authenticate with these accounts.
Popup or not to popup
A popup with the users providers login page is a neat solution which shows that they are being redirected. AOL seems to have geared their login to fit a small popup window. Whilst the community as a whole seems divided and documentations recommends that the whole browser window is redirected to the new server.
Knarly aim to implement limited support for openid authentication by April 2009.