[OpenID] OpenID UX and IIW session
Praveen Alavilli
AlavilliPraveen at aol.com
Tue Nov 11 23:19:20 UTC 2008
One of the big problems with using checkid_immediate is that several
OPs break iframes - so there is no reliable way of doing async with
checks with out doing a redirect inside the same browser window or in
a popup.
On Nov 11, 2008, at 5:46 AM, George Fletcher <gffletch at aol.com> wrote:
> Hi,
>
> I'm sure there will be an IIW session on OpenID and UX so I wanted to
> ask that the following case be included in the discussion.
>
> If a popup window is used for the authenitcation flow (e.g. Facebook
> connect), then what do we do in the case that the user is already
> authenticated to their OpenID Provider and has previously given
> permanent consent to the site to receive their authentication (and
> possible SREG) data?
>
> I believe that right now, there would be a popup window flash. This
> seems like it might be a little scary for normal users.
>
> This could be mitigated by doing an "check_immediate" first but in
> that
> case, the user would have had to at least given their OpenID so that
> site could do discovery.
>
> I suppose we could try and rely on cookies, and cookie the user with
> their last chosen OpenID Provider, but this makes it difficult with
> users with multiple accounts from different OPs (and gets a little
> weird
> in the directed identity case). Also, I only allow cookies per session
> so that would break the experience for me as well.
>
> Thoughts?
>
> Thanks,
> George
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list