OpenID : Proposal -- Features, Use-Cases, & Screen Flow -- for Better Intuition & Guidance
There are a few suggestions below that may be implemented one-by-one. The base observation is with the redmine-openid-selector installed. We could start by improving that plugin before integrating.
There are two scenarios:
- Sign in by Login / Password (SLP)
- Sign in by OpenID (SOID)
There is also the necessary eventuality of registration:
- Registration by Login / Password (RLP)
- Registration by OpenID (ROID) that could have the same initial screen as SOID
Proposition of Features & Ergonomics¶
Modified Ergonomic /login Screen that Guides¶
Unique /login screen proposes the following (perhaps by DIVs of which only one is visible at any time):Choice:
- Login / Password
On choosing, one of the 2 Forms is present
Offer a third choice "Both Redmine Login / Password, and OpenID."
Choice of Login / Password¶
On the screen is shown:
- perhaps on the left, just a login and a password window (no open ID)
- perhaps on the right, just a link to the login page (If registration activated)
Choice of OpenID¶
On the screen is shown the OpenID Selector, but nothing else.
Variant on Choice of OpenID¶
A link can render visible a field for the login.
A link can render visible a field for the email.
If the login or the email (priority to email) are entered, then this OpenID may be associated to this existing account. Password or email verification only on successful OpenID passage. If account does not exist by email or by login, then login and/or email are pre-populated in /account/registration if registration is activated.
Variant Choice of Both Redmine Login / Password, and OpenID¶
The current screen stands, but if the login / password are correct, the the OpenID URL is reinitialized.
Continuation of Variant¶
Should the email be taken, a registration screen only asks for the password associated with the username of that email to reinitialize the URL. Now the person may not, in that case, remember his or her password. The "email already used" screen should send an email allowing the continuation of the modification of the link (or at least proposition of existing password reminder).
Change of OpenID
- User with correct OpenID URL logs in.
- User with correct Login / Password logs in.
- User with new OpenID URL logs in and is sent to register screen without existing account.
- User with new OpenID URL logs in and is sent to register screen with existing account (variant: email taken from OpenID).
#1 Updated by Christopher Mann about 5 years ago
- Feature #7075 (New): Improve OpenID Selector
- Patch #5267 (New): Allow for OpenID-only operation
- Patch #4641 (Assigned): Add information about openid requirements to /admin/info
- Patch #4225 (New): Support for OpenID Policy URLs
- Defect #3780 (New): Attribute exchange with OpenID providers (But I don't think that attributes are always available)
- Patch #5966 (New): change to allow openID to use Google Apps
- Defect #5532 (New): Meaningful error messages when using OpenID
- Defect #5302 (New): back_url not work for opened login
- Patch #5268 (New): Handle commas in returned OpenID fullnames
- Feature #5022 (New): Support for OpenID login authority delegation
This issue replaces the #10660.
#4 Updated by Loïs PUIG about 5 years ago
I already love the openID selector plugin, but it misses an important feature :
- the possibility to easily associate an already registered account.
- or better, automatic association when a registered user with the same email is found in redmine database.