[OpenID] The "keep context" problem

Martin Atkins mart at degeneration.co.uk
Fri Jun 15 06:27:43 UTC 2007 

=drummond.reed wrote:
> Has anyone else had this same experience?
> 
> 1) You follow a link or navigate to a page on an OpenID-enabled wiki page
> that you realize you need to edit.
> 
> 2) You click the Edit button/tab/link and it presents an OpenID login box
> saying you have to login first.
> 
> 3) You enter your OpenID and successfully authenticate via your OP.
> 
> 4) The site returns a vanilla "login successful" page with a big smiley face
> saying welcome to the site!
> 
> But you're not wearing a big smiley face because your original context is
> completely lost. The "convenience" of being able to use an OpenID login
> means you now have to go back to the home page of the site and navigate back
> to the page you want to edit -- which you may not even know if you followed
> an external link to that page!
> 

This is not a problem inherent to OpenID. The Mediawiki plugin's RP code 
is flawed. There are a number of ways around this which vary in complexity:
  * Just add a query field to the return_to URL that contains the URL to 
send the user back to once authentication is completed. This is how most 
sites implement traditional "interrupting" login forms anyway.
  * Use your web framework's concept of "session storage" to remember 
where the user was before you did the redirect dance. This is kinda lame 
because it gets confused if the user does another auth-requiring action 
in a different tab or window.
  * Go Jyte-style and try to first do the authentication using an 
AJAX-type request and see if you can succeed without taking the user 
anywhere. If that fails, only then do you ask them to log in and you do 
one of the other options above. This only works if they've logged in to 
your site before and they've told their OP "Yes; every time"

The latter is, in my opinion, the best from a user experience 
perspective, but I would guess is near-impossible to do in situations 
like the MediaWiki plugin when you're trying to shoe-horn OpenID support 
into an app that was traditionally all about local user accounts. It's 
easy for Jyte because they are OpenID through and through. I'd be 
satisfied if the MediaWiki plugin would just do the first of these.

More information about the general mailing list