Cuppadev » OpenID in RailsCollab

Started by James Urquhart · 9 months ago

3 comments

  • Actually, you don't even need to give them a username. Their OpenID can become the "username identifier". Most OpenID-oriented consumers do this: Jyte, Pibb, Zooomr, Ma.gnolia, etc.

    Now, there is a "best practices" recommendation where you should allow any given "user" (in terms of one person) the ability to link multiple OpenIDs, or set a plain 'ole username and password, in case their OpenID Identity Provider is down.

    I personally would rather go with additional factor authentication. Simple (private'ish) profile questions that only come into play when a provider does not resolve.

    That's just me, though.
  • Jason,

    I partly followed the "best practices" concept and just made each user have an OpenID field which is checked against when logging in via OpenID.

    Although I didn't go so far as to allow them to have multiple OpenIDs, as considering they could still log in with a regular username + password it seemed a bit silly.

    IMO, if one wants to use multiple OpenID providers with a single app, they should just set up their own OpenID page which links to any one of the various providers they want to use.

    Regards,

    James
  • Awesome to hear that you've added support!

    You should also take a look at OAuth... "OpenID for APIs" in a sense... or a kind of generalized FlickrAuth. We've been building this out for the last several months to solve problems that both Ma.gnolia and Twitter have had in either getting OpenID to work on the desktop side (Ma.gnolia Dashboard Widget support for OpenID) or on the API side (Twitter's various mashups that ask for your Twitter username and password).

    Basecamp currently exposes a limitation of OpenID in that it assigns you a username and password to access your protected RSS feeds... instead, Basecamp should grant external applications a token that allows for user-controlled access to their data. OAuth provides the protocol to solve that exact problem.

    http://groups.google.com/group/oauth
