Allow OpenID

#3 of my top five wishes in February 2009.

In the topic Nabble as an OpenID consumer:

> We can work on this when someone asks for this feature in the premium support forum

I think that many users will appreciate support for OpenID.

Thanks!
Graham

Does it make sense to look at multiple options:



?

The more options the better but I'd like to keep this topic on OpenID.

I added a separate topic,
Allow Google for registration/authentication.

We will investigate OpenID and let you know the details.

Thanks!

Hi Graham, we investigated OpenID and we found several issues. First, website owners have been complaining about it, see:
http://blog.wekeroad.com/thoughts/open-id-is-a-party-that-happened
http://news.ycombinator.com/item?id=1915588

Besides that, we really tried to implement it. The first information OpenID must give to Nabble is the email of the user. Not all providers give this information, which is pointless to Nabble because we would have to request the emails anyways in the registration page. So we cannot generally accept OpenID on Nabble. But we started looking into Google and Facebook because they provide the email of the user and this integration could possibly work. In fact, it was quite easy to integrate these services with Nabble, until we tested embedding and custom domain names. Nabble has a complex login mechanism for embedding and only Google was able to work with it. On the other hand, Facebook requires a fixed domain to send/receive requests, so custom domains don't work. In summary, Google is probably the only OpenID provider that can work smoothly with Nabble. Since you originally requested generic OpenID, I am not sure Google will satisfy your needs. Unfortunately, that's the only service we could offer for now. Please let me know what you think.

Revisiting this … thanks for the links. Interesting reading.

Re: use of OpenID (and other authentication routines) at Stack Overflow and elsewhere in Stack Exchange, it's a really nice solution, neatly implemented in that network. For each account at http://stackexchange.com/users/17156/graham-perrin?tab=accounts OpenID was my starting point. Key point:

• without that simplicity, I would not have joined some of the stacks.

… almost all the responses here really *are* using third party login systems -- twitter, facebook, openid, etc. I guess what that says is that for certain lightweight-ish things, this third-party login model DOES work.

– http://blog.wekeroad.com/thoughts/open-id-is-a-party-that-happened#comment-98750592

For what it's worth, whilst reading up in the phpBB area I found Innovative Techniques To Simplify Sign-Ups and Log-Ins | Smashing UX Design (2011-05-05), referred from [RFC] Registration & Login Overhaul - Development Discussion Board (2011-05-17). Also [RFC] Usability: Login on registration (2011-10-10) and [RFC] Auth Plugin Refactoring & User Integration (2012-04-24).

Anyway, back to Nabble. If not OpenID, I'd still love to see allowance of other commonly-used third-party authenticators.

Thoughts?

Thanks

As I explained in my previous post, the problem is embedding and custom domain names. These two features don't work smoothly with third-party logins. Besides that, we are involved with new projects and we will be quite busy for several months. Third-party logins should be off until then.