Brion Vibber wrote:
Dan Libby wrote:
- this patch piggy-backs on top of SpecialUserlogin. So if a username
contains "://" or '." then the OpenID code kicks in. This does not provide any sort of possibility for other login types, eg LID. Also it would break any pre-existing logins with those strings in them.
The . check would break... 12579 registered usernames on en.wikipedia.org. :)
Ouch. So clearly a better solution is needed for the user to specify which type of Login system to use.
I've seen a couple sites that have a dropdown selector on the login page for the user to pick the login type. That seems pretty clean to me.
- MediaWiki insists on upper-casing all titles, including usernames. I
worked around that for actually storing the username, but it still happens for display,which looks kinda nasty for eg: "Http://danda.videntity.org/". I'm not sure how to get around that as the title normalization stuff is a bit, umm, inscrutable.
Using URLs for usernames is going to be inherently broken on the wiki, as accounts are closely tied to their user pages on the wiki. To be non-broken, the usernames need to be real, valid page titles. There are many valid URLs which are not valid titles, and trying to use them like that is I think going to be a tangle of ugliness, special cases, and identifiers which won't be able to login despite having a valid OpenID system.
I worked around this issue by forcing URLs to always use the "?title=" format if the title contains "/". Otherwise there were problems with Apache (php?) munging "//" in the PATH_INFO variable into "/".
It was a pretty simple check in Title::getLocalURL(), not much of a tangle.
afaik, user talk pages are working fine for OpenID logins.
Also, that seems like an issue that would affect any titles with "//", but probably it is not a common case so possibly no one has run into it yet.
There are basically two ways you can go I think:
- OpenID identifiers are a special class of users and handled
distinctly, like anonymous IP addresses are.
Interesting. I wasn't aware of the distinction.
Some mechanism for displaying properly formatted names and for picking a not-too-illegible title for the user page / talk page would need to be added to the core code.
Every place that takes a username in input, displays a username in output, or tries to make a user page link would need to change. (That's not that bad an idea, though; consolidation of duplicated code would be good and other external authentication systems could use this same ability.)
-or-
- OpenID identifiers can be used to authenticate a named account in
place of a password, but you have to pick a valid username name and create an account. (This could be as simple as confirming an automatic transformation of the OpenID identifier or choosing to change it during your first login.)
Easy, but of course not as 'cool'. :)
I'm not sure it is so easy actually.
This approach would seem to defeat much of the benefit of OpenID if it is not automatic. Who wants to login with their universal ID only to have to choose a local ID?
The difficulty with an automatic approach is guaranteeing a transform that looks nice and yet is still unique. For plain http:// urls, you can get rid of the "http://" portion because it is assumed, but you can't do that if the url starts with "https://".