Tutorial :Design question regarding OpenID


I am building my own blog, for various reasons - mainly for experience building with various tools - but also because that way I can have a blog that thinks like me ;).

I have implemented a very narrow authentication system in which users can log in using Open ID. I have a classic log in page - if a new user logs in i ask them for their name, website and email - nothing fancy here.

Now, the tricky parts come when it gets down to commenting. I wish to support the following scenarios:

  1. Anonymous comments
  2. If user is logged in, they can of course post under that account
  3. If a user is not logged in, but has an account on the site, they should be able to log in and post in 1 go
  4. If a user is not logged in - and doesn't have an account, they should be able to authenticate, fill out user information and post all in 1 go.

The first 2 are easy enough and I have got this working already. The last one is fairly straight forward - when not authenticated users are shown a standard form with 5 inputs - OpenID, Name, Website, Email and Comment. If a user enters information into the OpenID log in, I authenticate them, create a new User account and submits the comment.

It's number 3 I have issues with. Seeing as I do not know the actual OpenID url a user has until I have authenticated them (ie. for google accounts everyone enter the same URL, but after authenticated my site recieves a different URL), I do not know if I am to ask for Name, Website, Email or not - and I am struggling with how I am supposed to present this in a proper way.

I know there are probably not a magical solution to this - but does anyone have any good ideas as to how the workflow of this process could work?

I have considered simply updating a users profile if they have an account, but I could see that being annoying as well as users might not be able to remember that they have an account. I simply cannot wrap my head around how to get this to work in a nice and obvious way (for the user).

Any input is greatly appreciated.

Forgot to say, the problematics can be seen running my development version of this @ http://dev.blogger.kaareskovgaard.net . Go to any of the recent nonsense posts and try to comment as an anonymous user. Then try to comment and provide an OpenID URL as well. Now if you try to comment again while being logged in you will only be asked to provide an actual comment. Lastly log out again and now enter the same OpenID Url - now you are still being required to fill out Display Name, Website and Email - this is the bit that annoys me.


I have decided that using above stated scheme there's no proper way of handling this. I have switched to simply letting people authenticate with OpenId and display a nice logo and their OpenID URL that they have identified with when authenticating. Keeping user profiles on the site for commentators is then simply omitted. I guess this is probably the best way of handling this either way, and I am not sure if my initial idea was any good any way, if I had been able to find a good solution.

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »