openid implementation advice
Martin Atkins
mart at degeneration.co.uk
Sat Feb 14 00:24:25 UTC 2009
Ben Clemens wrote:
> I really appreciate the reply, and I understand the large problems of
> breaking a security model; I imagine the “big button that spawns a
> pop-up” solution is where we will have to go. Perhaps I just have to
> accept the “least bad” scenario given the limitations that exist, but it
> is hard to “embrace.” :)
>
It's worth noting that most OPs will check by default the "Don't ask
next time" option, so a returning user who is already signed in to his
OP can be authenticated completely on your site with no visible pop-up
windows or redirects.
(You do need to do the OpenID flow in a hidden frame, but that's an
implementation detail the user doesn't need to know about.)
More information about the user-experience
mailing list