Project

General

Profile

What's the benefit of OpenID module as it is now?

Added by Tom S over 14 years ago

Hi,

I installed the latest version of Redmine with idea to make it easier for my users to participate in discussions or open an issue. However, I'm quite disappointed with the current level of OpenID integration...

I've tried to create test accounts using two different OpenID providers (Google and Yahoo) and for both, after logging in on the provider's site, I end-up on the registration form requiring me to fill out all required fields. This is not what would I expect if a site supported OpenID login and I think this is serious usability issue. Not only that user has to provide all data but he/she can be additionally frustrated by OpenID support not working as expected.

So, I really wonder what's the benefit of the OpenID login in this state? Am I missing something? Are there any popular providers that give better level of integration?

Please, don't take this as bashing on the feature. The Redmine is really great but OpenID integration is confusing me.

Tom


Replies (12)

RE: What's the benefit of OpenID module as it is now? - Added by Eric Davis over 14 years ago

Check that your OpenID providers are sending the sreg information which contains your nickname, full name, and email. If they aren't, Redmine cannot create a user for you so it presents the registration field.

Eric

RE: What's the benefit of OpenID module as it is now? - Added by Tom S over 14 years ago

Thanks for replying Eric but that doesn't actually answers my questions.

I think it should be sufficient for Redmine to obtain user's email address to allow login. I don't really care about full names and Redmine should not ask user for logged in via OpenID to set password. (If I wanted that I probably would not be enabling OpenID.)

I don't see that Google sends sreg information with email. But... does Redmine require email from Google? I've found this link that could be useful in obtaining email by Redmine: http://stackoverflow.com/questions/787894/ruby-openid-requiring-email-address-from-openid-provider
So, this looks possible but I don't know Ruby at all (and unfortunately don't have time for experiments) to try fixing this by my self.

Tom

RE: What's the benefit of OpenID module as it is now? - Added by Eric Davis over 14 years ago

Tom S wrote:

I think it should be sufficient for Redmine to obtain user's email address to allow login. I don't really care about full names and Redmine

If the OpenID provider doesn't send that data to Redmine, Redmine cannot create a user automatically. A login, first name, last name, email address, and password are required for all Redmine users. When logging in via OpenID, we can generate a random password but we cannot generate the other fields.

should not ask user for logged in via OpenID to set password. (If I wanted that I probably would not be enabling OpenID.)

I agree with you about this, that area could use a bit of work (i.e. successful OpenID login but missing data).

Eric Davis

RE: What's the benefit of OpenID module as it is now? - Added by Ben Oakes over 14 years ago

Tom S wrote:

I think it should be sufficient for Redmine to obtain user's email address to allow login. I don't really care about full names and Redmine should not ask user for logged in via OpenID to set password. (If I wanted that I probably would not be enabling OpenID.)

FWIW, this is how many services that use OpenID work. I have a feeling that it's just a fact of life (unless the provider sends enough sreg information).

RE: What's the benefit of OpenID module as it is now? - Added by Tom S over 14 years ago

Yes, I understand that if provider doesn't send enough info Redmine will not be able to register user properly. I guess I'm disappointed because, from my point of view, this module doesn't help user to register easier/faster. If major OpenID providers don't send basic user information then what's the point in having this module?

However, I didn't start this topic to criticize but to see if I'm missing something. To be a bit constructive... It would be great if Redmine could allow user to post a message or whatever right after login via OpenID provider. For example, there could be a separate group and user called "Anonymous via OpenID" (or even "Anonymous via Google OpenID") for that purpose. User should have a chance to "upgrade" his status providing additional registration details (and get own account) but until then all posts would be under one generic dedicated account.

Does this make any sense?

RE: What's the benefit of OpenID module as it is now? - Added by Berin Loritsch over 14 years ago

http://openid.net/developers/specs/

The application can make a separate request for information if it is not supplied automatically (See Open ID Attribute Exchange). The openID provider will verify that this is OK with the user first. At least this is how MyOpenID.com does it, and they let you select from one of your "personas" that you want to be known by.

The requests have to be done properly to ensure the attribute exchange always happens.

RE: What's the benefit of OpenID module as it is now? - Added by Gábor Molnár over 14 years ago

Hi!

I opened a ticket for it: Attribute exchange with OpenID providers . I hope this will be fixed in the near future.

Eric Davis: thanks for the work you did to implement OpenID support, i think this is a very important thing!!

Gábor

RE: What's the benefit of OpenID module as it is now? - Added by Eric Davis over 14 years ago

Redmine does send the OpenID provider a request saying "nickname", "fullname", and "email" are required by Redmine. source:trunk/app/controllers/account_controller.rb#L173

I use MyOpenID.com and it exchanges the attributes with Redmine correctly. That's how I know the sreg works. If I'm wrong, I'd gladly take a patch or a test. :)

Eric Davis

RE: What's the benefit of OpenID module as it is now? - Added by Gábor Molnár over 14 years ago

I tried Google as a provider and it doesn't even asks me if it can send these informations (thats why i thought redmine doesnt send the attribute exchange request), but if i try to sign in with google to other OpenID-enabled sites, Google asks me if it can send my personal data or not. Do you think that the attribute exchange implementation of google and myopenid.com is different?

RE: What's the benefit of OpenID module as it is now? - Added by Eric Davis over 14 years ago

Gábor Molnár wrote:

Do you think that the attribute exchange implementation of google and myopenid.com is different?

Could be. I'm planning to rework some parts of the authentication system soon so I'll take a look at the OpenID implementation then.

Eric Davis

RE: What's the benefit of OpenID module as it is now? - Added by anne thomas about 12 years ago

Tom S wrote:

Hi,

I installed the latest version of Redmine with idea to make it easier for my users to participate in discussions or open an issue. However, I'm quite disappointed with the current level of OpenID integration...

I've tried to create test accounts using two different OpenID providers (Google and Yahoo) and for both, after logging in on the provider's site, I end-up on the registration form requiring me to fill out all required fields. This is not what would I expect if a site supported OpenID login and I think this is serious usability issue. Not only that user has to provide all data but he/she can be additionally frustrated by OpenID support not working as expected.

So, I really wonder what's the benefit of the OpenID login in this state? Am I missing something? Are there any popular providers that give better level of integration?

Please, don't take this as bashing on the feature. The Redmine is really great but OpenID integration is confusing me.

Tom

There are lots of modules which support OpenID, and Facebook, Twitter, LinkedIn, Yahoo are popular providers.
We no need to require user registration if we using OpenID module.
Recently I added Social Login module in Joomla which provides multiple social login so that user easily can login through one of them.

RE: What's the benefit of OpenID module as it is now? - Added by anne thomas about 12 years ago

OpenID is an authentication technique. OpenID module provides login from multiple providers like Google, Yahoo, etc. Users use their existing online identity such as Gmail, Yahoo, Facebook etc to log in to websites.

    (1-12/12)