OpenID login to meta?

(Bulb) #1

I thought @codinghorror was big proponent of OpenID. And apparently Discourse does support OpenID. So I am wondering, why couldn’t I create account using my (arbitrary) OpenID URL?

I also tried to log in with GitHub and it didn’t seem to work. Anyway, that wasn’t my preferred way of logging in.

(Jeff Atwood) #2

I am a big proponent of third-party auth.

OpenID was good while it lasted, but there are better alternatives now with oAuth 2.0 – OpenID made some bad assumptions.

(Bulb) #3

OpenID allows me to identify with an URL of my choice and use a provider of my choice to do the authentication and the site I am identifying myself to does not need to know about provider I want to use in advance. As far as I know oAuth can still only authenticate against predefined providers. Which is not what I want.

(Jeff Atwood) #4

The main broken assumption in openid was failure to associate email with user identity. Without email, we have no way to reach users.

(Jens Maier) #5

Sure, because OpenID is an authentication mechanism, not an identity provider. It replaces the password verification, not the signup form.

(Bulb) #6

That’s user’s interest to provide valid email address (and OpenID provides it, it just isn’t verified).

Besides, you can still verify it just like when registering with password and like did few minutes ago when I registered with OpenID.

That’s fine. I don’t want to use account from some other serivce here. I only want to avoid yet another place that I need password for.

(Jens Maier) #7

Precisely. You create a new local account, activation email and all. The only difference is that you don’t exchange a shared secret (i.e. password) but an authenticated OpenID identifier.

Unfortunately, this is objectively less convenient then signing in through an OAuth2 provider, and convenience trumps all.

Hence WhatsApp has half a billion active users and XMPP/OTR is for paranoid nerds.

(Bulb) #8

Convenient and objective don’t go together. There are people who have OpenID and may not have or want to use accounts at the selected oAuth providers and for them OpenID is more convenient. oAuth might be convenient for more people, but that still does not mean OpenID should not be possible.

(Jens Maier) #9

My point was that given the choice, Google OAuth2 is minimally more convenient then OpenID. But yes, sure, if the app doesn’t support any OAuth providers known to you, then OpenID is more convenient in the same way riding a bike is more convenient then getting a cab when the zombie apocalypse has killed all cab drivers.

Anyway, weird comparisions aside, I fully agree with you that OpenID authentication would be very nice to have. I guess the sarcasm in my previous post was a bit too subtle. :wink:

(Strk) #10

I’m also missing the possibility to login via OpenID from any Discourse installation I found out there. Is it supported at all ?

(Strk) #11

For what is worth, chances are that implementing dynamic-client-registration for OpenID Connect would give users the same freedom as OpenID-2.0 (authenticating self via an arbitrary URL).
To be confirmed: Final: OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1

Please help keeping the Internet a decentralized place :slight_smile: