[wp-hackers] Should OpenID be in WP core?
Matt Mullenweg
m at mullenweg.com
Fri Mar 9 03:17:47 GMT 2007
DD32 wrote:
> Idealy with openID, you dont want to create an extra account for them,
> but aparantly, your forced to due to the way WP handles users(or
> something, i cant find the reference for that right now).
My understanding of OpenID is that it's meant to be a replacement for a
password, you still need an account on the site and you still need to
"log in" like you normally would. I left a comment on an OpenID enabled
blog the other day, here was the workflow:
1. I put in "matt.wordpress.com" instead of filling the three boxes for
name/email/url, and I wrote my comment.
( I was logged in, else I would go through something else*. )
2. I press "comment" and it redirects me to matt.wordpress.com and asks
me if I want to "trust" the blog, no, just this time, or always.
3. It then loaded a page with my name/email/url pre-filled, still on
WordPress.com, and asked if I wanted to give this information to the
aforementioned blog.
4. I said yes, and I went back to the comment page and everything was
posted.
* If I hadn't been logged in:
1. The page tells me I'm not logged in, but doesn't give me a link to
login because of phishing. I'm asked to go to a bookmark or type in
WordPress.com.
2. I type in the URL to login.
3. After I login and it redirects me to my admin page, a little notice
says there's a openid thingy in progress, and has a link.
4. If I click the link it puts me back to #2 above.
This is similar to what I did when I registered for ma.gnolia.com or
Zooomr with OpenID. I still have accounts at both, just no password and
"matt.wordpress.com" is my username .
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
More information about the wp-hackers
mailing list