I was just wondering if it would be possible for CD to support OpenID logins? I don’t know how much work it would be, but it would be a useful feature.


Though I like OpenID in theory and use it where I can, it would make posting spam just one step easier as the spam bot no longer has to pass a CAPTCHA to create an account.

The only way I’d add it is if there was a plugin … I’m not bored enough to write something big from scratch right now. :slight_smile:

I wouldn't be surprised if vBulletin adds it soon, as a lot of sites are adding it, but currently it is not on their to-do list. I haven't seen any good plugins that do it well for free yet either.

Let me ask, what would the purpose of OpenID be here?
I use OpenID in quite a few different applications; it is very clearly targeted towards the sites that just need quick and simple authentication without the hassle of registering users. For those sorts of small sites where you just need to prove you are the same person that you were last time, like blog comments or many Wikis, it is perfect.
There is nothing wrong with using it on a large site like this, but it would be awkward I think, you still have to have a username associated with your post, which means you have your password too. If the OpenID provider goes down, your entire account is inaccessible if you have no other way to log in.
It might be a good way to log in needing to remember one less password, or more securely with two-factor authentication if you are paranoid like that, so it isn’t a bad thing either. The makers of OpenID might disagree, but for a large community like this I do not believe you should be able to post with nothing more than your OpenID URL; some form of extra registration should be required (I don’t think anyone meant that though?).

As for CAPTCHAs, what prevents you from requiring a CAPTCHA before the new user is created in the database?

How OpenID might be integrated into a BB like this would be that you can log in with the OpenID. If the OpenID exists in the database, it retrieves the corresponding user ID and logs you in. If the user does not exist, it brings you to an account creation page with your name, email, etc. already filled out, verify you are human, and create the account and UID. The OpenID is mapped to your UID automatically. Now you can log in with whatever provider you feel safe with, anywhere from Anonymous OpenID to your private key/client SSL cert (what I use) to biometric two-factor authentication. :wink:

With OpenID it is important to allow multiple URLs to link to the same account if there is anything more than a blog comment; unlike individually registered accounts, you are stuck if your OpenID provider goes down and your account does not (and vice versa). All OpenID enabled sites need a way to link a new URL to your account without logging in, similar to a “forgot your password?” link.
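
The flow described in the post above, as an added sketch that is not part of the thread and is not vBulletin code: an OpenID-to-UID mapping table that allows several URLs per account and refuses to create any row until the human check has passed. All names (`open_db`, `login`, `register`, `link`, `captcha_ok`) are hypothetical; it assumes `claimed_id` has already been verified by an OpenID relying-party library and that `captcha_ok` is the result of the site's existing CAPTCHA check.

```python
import sqlite3
from urllib.parse import urlsplit, urlunsplit

class CaptchaRequired(Exception):
    """An unknown OpenID tried to create an account without passing the human check."""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                            email TEXT NOT NULL);
        -- Many OpenID URLs may point at one uid; each URL belongs to exactly one account.
        CREATE TABLE openid_links (claimed_id TEXT PRIMARY KEY,
                                   uid INTEGER NOT NULL REFERENCES users(uid));
    """)
    return db

def normalize(claimed_id):
    # Simplified normalisation (assumption): lower-case host, drop fragment, default path.
    p = urlsplit(claimed_id.strip())
    return urlunsplit((p.scheme, p.netloc.lower(), p.path or "/", p.query, ""))

def login(db, claimed_id):
    """Return the uid mapped to an already-verified OpenID, or None if it is unknown."""
    row = db.execute("SELECT uid FROM openid_links WHERE claimed_id = ?",
                     (normalize(claimed_id),)).fetchone()
    return row[0] if row else None

def register(db, claimed_id, username, email, captcha_ok):
    """Create the account and its first OpenID link, only after the CAPTCHA passed."""
    if not captcha_ok:
        raise CaptchaRequired("human check must pass before any row is written")
    with db:  # one transaction: user row and link row succeed or fail together
        uid = db.execute("INSERT INTO users (username, email) VALUES (?, ?)",
                         (username, email)).lastrowid
        db.execute("INSERT INTO openid_links VALUES (?, ?)", (normalize(claimed_id), uid))
    return uid

def link(db, uid, new_claimed_id):
    """Attach a further OpenID URL to an existing account (call only from a logged-in
    session or after an e-mail recovery step). Raises sqlite3.IntegrityError if the
    URL is already linked, so it cannot be moved silently to another account."""
    with db:
        db.execute("INSERT INTO openid_links VALUES (?, ?)", (normalize(new_claimed_id), uid))
```
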