Home/ Questions/Q 3949866
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T01:32:39+00:00

I have a working web application which already has a login and registration system.

  • 0

I have a working web application which already has a login and registration system. I’m looking for some advice on how to do it.

Until now, users have a username, an email, a password and some optional fields. The registrartion is the usual process with email confirmation.

Now I’d like to allow users to use OpenId. So I have added an openid field to the table. There are two different login forms, and users which are already registered can add their openid info and use either login form.

The problem is with new users who come on the site for the first time and try to login with OpenId. I create a new user for them, and I don’t need a password, but still I need at least a username, which is used on the site (I’m not sure if the email is needed).

So my problems are:

1) How do I manage validation? Some fields are required for some users, (e.g. a password) but not for some others. I mean, I can do this, but it immediately gets messy.

2) Should I ask for a username and email on the first OpenId login? On the one hand I’d say yes, but I fear this vanishes the advantages of using OpenId, that is, not having to
provide details.

3) I could get the details via SReg or AttributeExchange, but most providers have a bad support for those. For instance my Gmail OpenId account does not tell the email (!). Is there some place to learn more about the current support for these extensions?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    an article about how to integrate OpenID in an existing site is at http://www.paxo.com.

    Some quick solutions to your probems are:

    1) I think you need an extra signup process. At the beginning, the user may choose if he wants to use OpenID or not. If not, you have your existing signup process. If he usese OpenID, most information might be recived through the attribute exchange (email, prename, lastname, …)

    2) You can get the Email through OpenID attribute exchange. I would not ask for a Username or any other data which is not realy required. But I would provide a possiblity for the user to set/change this after he has registered.

    3) Its not true that Gmail doesn’t tell you the email. (Official Google Docs, Attribute Exchange with lightopenid). You have to add the adress as a required value.
    I don’t know a site were different OpenID providers support for Attribute Exchange is described. Here is an Yahoo-Article about their support for AX.

    • 0