Login with another OpenID

Chris Messina chris.messina at gmail.com
Thu Jan 17 21:33:33 UTC 2008


This is a good case to point out and document. Ma.gnolia actually
handles this pretty well by allowing you to "associate" more than one
OpenID with your account. In the case that you describe, where someone
already has an account with the RP, perhaps there should be some kind
of meta link in the footer or header called "account management" where
you're able to do account consolidation.

Blinksale and Ma.gnolia both have good flows for this as does the
WordPress OpenID plugin; that is, if you're logged into an account,
you can associate an additional OpenID to your account, thereby
solving the problem described here.

It does seem like documenting this best practice publicly would make
sense. I'll take a crack at it.

Chris

On Jan 17, 2008 10:40 AM, Martin Atkins <mart at degeneration.co.uk> wrote:
> Takeru INOUE wrote:
> >
> > I found that behavior of OPs is not defined when users re-login with a
> > different OpenID.
> >
> [snip]
> >
> > I did experiments with some OPs, and got the following results:
> >
> > - Some OPs returned an error of "authentication failed".
> > - In other OPs, session of OpenID-1 (not OpenID-2) remained, and the
> > user was not redirected to the RP.
> >
> > Anyway, the user failed to re-login.
> >
> > I discussed this issue with Japanese OpenID people, and I believe that
> > the following action is a good practice:
> >
> > "If username of OP is different with the claimed OpenID, the OP should
> > make the user logout."
> >
>
> I think it'd be even better if the OP would allow you to stay "logged
> in" to several accounts at once. In the basic OP case, all that being
> logged in really means is that a particular OpenID identifier is
> associated with your session as being authenticated. Why not just add
> another to that set?
>
> This will, of course, prove troublesome for sites which provide both
> OpenID service and some other service under the same session
> infrastructure, such as LiveJournal. However, it's not a mandate, just a
> (potentially) recommended practice.
>
>
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>



-- 
Chris Messina
Citizen-Participant &
  Open Source Advocate-at-Large
Work: http://citizenagency.com
Blog: http://factoryjoe.com/blog
Cell: 412.225.1051
IM: factoryjoe
This email is:   [ ] bloggable    [X] ask first   [ ] private



More information about the user-experience mailing list