[OpenID] User and password instead of OpenID URL?
Martin Atkins
mart at degeneration.co.uk
Wed Oct 31 18:25:14 UTC 2007
thomas Armstrong wrote:
> Hi.
>
> I create web tools using OpenID for my customers. One of them don't
> like it and find it "hard to understand" because it forces users to
> type their "OpenID URL" instead of their user and password.
>
> I try to explain it that OpenID is more comfortable for users because
> it doesn't require user+passwd every time and you must remember only
> one URL.
>
> But all my systems are designed to use OpenID as a SSO. Do you have
> any experience switching from OpenID URL to user+pass without removing
> the OpenID server?
>
Assuming you have a closed system where the consumers and servers are
both run by you, perhaps you can adapt your consumer implementation to
accept a username and turn it into a full URL to do authentication.
That is, if the user enters the username "fred" you could transform it
into http://fred.example.com/ before doing the OpenID request, thus
avoiding the need to enter a URL.
If you want to support both at once, you could just have a single box
and only do the above transform if what the user enters looks like a
username rather than a URL. (For example, if it's entirely alpha-numeric.)
More information about the general
mailing list