[OpenID] Facebook support for OpenID. Where?

[Manger, James H]

Luke’s immediate constraint of introducing OpenID with no design changes to the Facebook front page is interesting.



Currently, if you are not logged into your OP (or it rejects checkid_immediate for any other reason) you cannot login to Facebook with OpenID from their front page. I wonder if clicking the “Log in” button without filling in the email address or password fields could be a (not totally unintuitive) signal to trigger a checked_setup OpenID flow.



Currently, if your browser does not have Facebook’s “openid_p” cookie there is no way to login with OpenID – you have to use your Facebook password. I wonder if clicking “Log in” after filling in your email address, but leaving the password field blank, could be a signal to try an OpenID flow (probably checkid_setup)?



[This option has a slight privacy implication. It allows anyone to determine which OP a given email is associated with (enter the email address and see which OP you are redirected to). I doubt this is a blocker, and a preference to disable the feature could be introduced if it is important.]





André,

The only functionality on the Facebook front page is “Log in” and “Sign Up” – there is no other content. Hence automatic login without an explicit prompt seems quite reasonable. Going to the page was an explicit decision by a user to login.





James Manger
James.H.Manger at team.telstra.com<mailto:James.H.Manger at team.telstra.com>
Identity and security team — Chief Technology Office — Telstra



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090521/fec37a64/attachment.htm>