[wp-hackers] Should OpenID be in WP core?

Matt Mullenweg m at mullenweg.com
Fri Mar 9 03:17:47 GMT 2007


DD32 wrote:
> Idealy with openID, you dont want to create an extra account for them, 
> but aparantly, your forced to due to the way WP handles users(or 
> something, i cant find the reference for that right now).

My understanding of OpenID is that it's meant to be a replacement for a 
password, you still need an account on the site and you still need to 
"log in" like you normally would. I left a comment on an OpenID enabled 
blog the other day, here was the workflow:

1. I put in "matt.wordpress.com" instead of filling the three boxes for 
name/email/url, and I wrote my comment.
( I was logged in, else I would go through something else*. )
2. I press "comment" and it redirects me to matt.wordpress.com and asks 
me if I want to "trust" the blog, no, just this time, or always.
3. It then loaded a page with my name/email/url pre-filled, still on 
WordPress.com, and asked if I wanted to give this information to the 
aforementioned blog.
4. I said yes, and I went back to the comment page and everything was 
posted.

* If I hadn't been logged in:
1. The page tells me I'm not logged in, but doesn't give me a link to 
login because of phishing. I'm asked to go to a bookmark or type in 
WordPress.com.
2. I type in the URL to login.
3. After I login and it redirects me to my admin page, a little notice 
says there's a openid thingy in progress, and has a link.
4. If I click the link it puts me back to #2 above.

This is similar to what I did when I registered for ma.gnolia.com or 
Zooomr with OpenID. I still have accounts at both, just no password and 
"matt.wordpress.com" is my username .

-- 
Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com


More information about the wp-hackers mailing list