Brion Vibber wrote:
Dan Libby wrote:
1) this patch piggy-backs on top of SpecialUserlogin. So if a username
contains "://" or "." then the OpenID code kicks in. This does not
provide any sort of possibility for other login types, eg LID. Also it
would break any pre-existing logins with those strings in them.
The . check would break... 12579 registered usernames on
en.wikipedia.org. :)
Ouch. So clearly a better solution is needed for the user to specify
which type of Login system to use.
I've seen a couple sites that have a dropdown selector on the login page
for the user to pick the login type. That seems pretty clean to me.
2) MediaWiki insists on upper-casing all titles, including usernames. I
worked around that for actually storing the username, but it still
happens for display, which looks kinda nasty for eg:
"Http://danda.videntity.org/". I'm not sure how to get around that as
the title normalization stuff is a bit, umm, inscrutable.
Using URLs for usernames is going to be inherently broken on the wiki,
as accounts are closely tied to their user pages on the wiki. To be
non-broken, the usernames need to be real, valid page titles. There are
many valid URLs which are not valid titles, and trying to use them like
that is I think going to be a tangle of ugliness, special cases, and
identifiers which won't be able to login despite having a valid OpenID
system.
I worked around this issue by forcing URLs to always use the "?title="
format if the title contains "/". Otherwise there were problems with
Apache (php?) munging "//" in the PATH_INFO variable into "/".
It was a pretty simple check in Title::getLocalURL(), not much of a tangle.
afaik, user talk pages are working fine for OpenID logins.
Also, that seems like an issue that would affect any titles with "//",
but probably it is not a common case so possibly no one has run into it yet.
There are basically two ways you can go I think:
1) OpenID identifiers are a special class of users and handled
distinctly, like anonymous IP addresses are.
Interesting. I wasn't aware of the distinction.
Some mechanism for displaying properly formatted names and for picking a
not-too-illegible title for the user page / talk page would need to be
added to the core code.
Every place that takes a username in input, displays a username in
output, or tries to make a user page link would need to change. (That's
not that bad an idea, though; consolidation of duplicated code would be
good and other external authentication systems could use this same
ability.)
-or-
2) OpenID identifiers can be used to authenticate a named account in
place of a password, but you have to pick a valid username name and
create an account. (This could be as simple as confirming an automatic
transformation of the OpenID identifier or choosing to change it during
your first login.)
Easy, but of course not as 'cool'. :)
I'm not sure it is so easy actually.
This approach would seem to defeat much of the benefit of OpenID if it
is not automatic. Who wants to login with their universal ID only to
have to choose a local ID?
The difficulty with an automatic approach is guaranteeing a transform
that looks nice and yet is still unique. For plain http:// urls, you
can get rid of the "http://" portion because it is assumed, but you
can't do that if the url starts with "https://".
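
The uniqueness problem from the last paragraph, as an added example that is not part of the original message or of the patch under discussion: dropping the scheme unconditionally maps the http:// and https:// forms of one identifier to the same local account name, while a scheme-aware transform keeps them apart and refuses identifiers it cannot map safely. The function names, the FORBIDDEN character set and the " (https)" suffix are assumptions of this sketch, not MediaWiki behaviour.

```python
from urllib.parse import urlsplit

# Assumption for this sketch: characters the transform refuses to carry into
# a local name. Space and "_" are listed because the wiki treats them alike.
FORBIDDEN = set('#<>[]|{}%_ ?@')

def naive_name(openid_url):
    """Drop the scheme unconditionally: short, but not unique."""
    return openid_url.split("://", 1)[1].rstrip("/")

def local_name(openid_url):
    """Return a unique candidate name, or None if the user must pick one."""
    if any(c in FORBIDDEN or not 33 <= ord(c) <= 126 for c in openid_url):
        return None
    try:
        parts = urlsplit(openid_url)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname        # already lower-cased by urlsplit
    if port not in (None, 80 if parts.scheme == "http" else 443):
        host += ":%d" % port
    # "" and "/" name the same resource; "/a" and "/a/" do not.
    path = "" if parts.path in ("", "/") else parts.path
    name = host + path
    # The first character comes from the case-insensitive host, so the
    # forced upper-casing of titles loses no information here.
    name = name[0].upper() + name[1:]
    # Inputs cannot contain a space, so this suffix cannot be produced by an
    # http:// identifier with an unusual host or path.
    return name + " (https)" if parts.scheme == "https" else name
```

A None result corresponds to the fallback described earlier in the thread, where the user confirms or chooses a local name on first login.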