Sites with bad OpenID support
December 28, 2008
Over the past few months, I have been researching how different websites are implementing OpenID. The major conclusion that I have come to is that many site operators don’t understand OpenID. One of the main selling points to OpenID is not having to register with every damn website you come across.
What really drives me nuts is finding a site that accepts OpenID, I then authenticate with my OpenID provider, only to be bounced to a registration form. What the hell ? My OpenID profile isn’t empty, it contains some basic information about me. Zip code, timezone, Firstname, Lastname and email address. Why would you go and ask me for the same information again ? This information has already been passed back to you with the OpenID protocol! At very least, can you please pre-populate this information ?
When you return to an OpenID site and change your timezone in your OpenID profile, why doesn’t the site you are logging into update your information with the new data sent back from your OpenID provider ?! I know this can be a tricky thing to do, I am working on it for Linkped. I had this support at one point, but had to remove it when I refactored the OpenID login code. My first run with OpenID was a very lame way to support it. Don’t worry, support for updates will be returning very soon. 
Many websites hide their OpenID login screens and for the life of me I can’t figure out why! Hell, I use it as a selling point on Linkped. With 83% of the user base using OpenID who can blame me The OpenID logo is a slick design that fits into almost any website. Don’t make me hunt for your OpenID login screen, put the logo right on your registration form to let your vistors know they can sign up even faster by using OpenID.
OpenID is a great thing, and I am happy to see it getting adopted everywhere. I know that one day spammers will become a problem and site operators will revert to using a captcha after login, but I am ok with that. However, unless more developers stop to think about how difficult and ass half backwards their OpenID implementation is, OpenID isn’t going anywhere.
If you are developing a site that uses OpenID, take some time out of your day and go use some sites that have OpenID. See how bad and annoying some of the implementations are, learn from their mistakes.
I wanted to mention SourceForge as a huge offender here. Basically, you login with openid, then you register as usual, but you can choose to login in the future with openid for that account. WTF?
Ya, Sourceforge is one of the major offenders of this. I contacted them a ways back about this and they made some silly suggestions that this requirement was due to how they handle SSH keys for SVN access.
I call this flow the “double taxation of OpenID”. I think that we need to develop a better and more uniform way of passing data from OPs to RPs, in a similar fashion to Facebook Connect. And only if that fails, then the secondary profile form should be shown — even though that’s a major hurdle that turns off a lot of folks.
In the Yahoo OpenID research that was done, any additional sign up process will cause people to bolt, so it’s actually bad for business on the one hand. On the other, site operators want to collect as much information about people as possible, so there’s a balance to be struck.
This is clearly an emerging area, but the tension that you describe gets at the heart of one of the core challenges we must address with OpenID usability.
I want to use Live Journal as my OpenID provider, but Google can’t seem to talk nicely with LJ. Annoying. As. Hell.
In recent days, I’ve come to view Twitter as my internet driver’s license, but not enough sites allow me to identify via Twitter. Maddening.