[OpenID] About Facebook, MySpace and OpenID

SitG Admin sysadmin at shadowsinthegarden.com
Sun Apr 5 03:48:13 UTC 2009

>With Google, the user can't opt-out of sending the email address. 
>Either Google totally ignores the email request because it's in 
>if_available, or the RP puts it in 'required', and then Google won't 
>complete auth at all without the user's consent to include the email.

So the RP would need to have some way of offering the user this 
option before they left to go authenticate, increasing the work Gmail 
users must do just to leave a comment. We could (with only a tiny bit 
of work) intelligently respond to this for Gmail users only, but 
without ways of identifying these ahead of time we'd have to present 
the user with an extra page once we recognized a Gmail URI, instead 
of sending them directly to their OP; this would, unless Gmail users 
were the majority of our OpenID commenters, be necessary to *avoid* 
confusing non-Gmail users, since we wouldn't want to put that option 
in our primary interface where, for most, it wouldn't matter. (Users 
with Gmail and at least one other OP might be discouraged from using 
Google as their OP, for that reason.)


More information about the general mailing list