Login with another OpenID

Martin Atkins mart at degeneration.co.uk
Thu Jan 17 18:40:14 UTC 2008


Takeru INOUE wrote:
> 
> I found that behavior of OPs is not defined when users re-login with a
> different OpenID.
> 
[snip]
> 
> I did experiments with some OPs, and got the following results:
> 
> - Some OPs returned an error of "authentication failed".
> - In other OPs, session of OpenID-1 (not OpenID-2) remained, and the
> user was not redirected to the RP.
> 
> Anyway, the user failed to re-login.
> 	
> I discussed this issue with Japanese OpenID people, and I believe that
> the following action is a good practice:
> 
> "If username of OP is different with the claimed OpenID, the OP should
> make the user logout."
> 

I think it'd be even better if the OP would allow you to stay "logged 
in" to several accounts at once. In the basic OP case, all that being 
logged in really means is that a particular OpenID identifier is 
associated with your session as being authenticated. Why not just add 
another to that set?

This will, of course, prove troublesome for sites which provide both 
OpenID service and some other service under the same session 
infrastructure, such as LiveJournal. However, it's not a mandate, just a 
(potentially) recommended practice.





More information about the user-experience mailing list