Feature #114

Improve OpenID workflow, perhaps by restricting to small set of providers

Added by Chris Cannam over 13 years ago. Updated over 13 years ago.

Status:NewStart date:2011-03-25
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

Problems:

  • OpenID login/registration workflow is confusing
  • OpenID URL is an unclear concept for common use cases because it depends on the provider

Likely current flow for OpenID use with this site (assuming user is familiar with OpenID):

  1. Go to login page
  2. Notice an "OpenID URL" box, wonder if we can just fill that in
  3. Decide we're not brave enough: click Register link instead
  4. Notice the title says "Register or login with OpenID" (the latter being a link); click that link
  5. Find ourselves back at login page
  6. Enter OpenID URL (assuming we know it; it's very hard to discover for Google accounts particularly) and hit Login
  7. Get sent off to OpenID provider for password (if not already logged in with them)
  8. Find ourselves back at registration page, facing an error message because of incomplete details; some fields may have been filled in, but we're still being asked for a mandatory username and password (why? especially why the password, if we're using OpenID?)
  9. Fill in all details, hit Register
  10. Wait for admin approval
  11. Blah, blah, blah

Nobody's going to use this -- I couldn't even remember how to use it myself when I tested it just now for the purposes of fact-checking for this report.

What we want is something like

  1. Go to login page
  2. Notice beneath the login box a separate link saying e.g. Log in with your Google account; click on that
  3. Get sent off to Google for password (if not already logged in with them). Note ideally user wouldn't have to supply the Google account name to this site at all, only log in to Google with it
  4. If we don't have an account here associated with the Google account yet, find ourselves back at registration page but with no password fields visible and (ideally) with the login name pre-filled to the closest available name to our Google account name. (If we did have an account here already, we should now be logged in to it.)
  5. Hit Register
  6. Wait for approval, etc

Also available in: Atom PDF