OpenID and other Authentication Services

For an ongoing project, I have been tasked to incorporate OpenID authentication. Along with that, I am also to incorporate authentication through Google, Yahoo, and Facebook credentials. Luckily, all of these services have pretty easy and straightforward ways to accomplish this. There is one problem though. It’s the paradox of choice with a dollop of confusion.

The issue lies in the fact that the authentication is also the registration. In other words, logging in can also be signing up if you don't already have an account. It's a nice way to save users from filling out long forms, but it can cause problems.

Primarily, if the user uses Google to authenticate on one trip to the site and then Facebook on a subsequent trip, two accounts will be created because there is no definitive way to tie the two accounts together.

Sure, you could create a user in your system and create a password for them and have them use a standard login on your system for subsequent visits. However, that defeats the purpose of the single sign-on authentication service and just means you are duplicating effort.
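The duplicate-account problem above, as an added example that is not code from the original post: a small account store keyed by (provider, subject) that shows how a Google login followed by a Facebook login yields two accounts, and how an explicit link made while the user is already signed in keeps them on one account. Provider names and subject values are constructed.

```python
# Added example (not the post's code). An identity is the pair (provider, subject):
# for OpenID the subject is the claimed identifier URL, for Google/Facebook the
# provider's stable user id. Accounts are looked up by that pair, never by email,
# because a provider-asserted email is not always verified and matching on it
# would let one provider account claim another user's existing account.

class AccountStore:
    def __init__(self):
        self.accounts = {}        # account_id -> {"email": str, "identities": set}
        self.identity_index = {}  # (provider, subject) -> account_id
        self._next_id = 1

    def login(self, provider, subject, email):
        """Login that doubles as sign-up: an unknown identity creates an account."""
        key = (provider, subject)
        account_id = self.identity_index.get(key)
        if account_id is None:
            account_id = self._next_id
            self._next_id += 1
            self.accounts[account_id] = {"email": email, "identities": {key}}
            self.identity_index[key] = account_id
        return account_id

    def link(self, account_id, provider, subject):
        """Attach a second provider identity to the account the user is signed into.

        Only callable for an authenticated session, so the proof of control over
        both identities comes from two live logins, not from a shared email."""
        key = (provider, subject)
        if key in self.identity_index:
            raise ValueError("identity is already bound to an account")
        self.identity_index[key] = account_id
        self.accounts[account_id]["identities"].add(key)


def demo():
    """Reproduce the scenario from the post and return the two outcomes."""
    store = AccountStore()
    first = store.login("google", "g-123", "alice@example.com")       # constructed
    second = store.login("facebook", "fb-987", "alice@example.com")   # constructed
    duplicated = first != second   # two accounts, nothing ties them together

    linked = AccountStore()
    acct = linked.login("google", "g-123", "alice@example.com")
    linked.link(acct, "facebook", "fb-987")   # done while logged in via Google
    same = linked.login("facebook", "fb-987", "alice@example.com") == acct
    return duplicated, same
```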

I have been banging around for ways to handle this and for now, we’ve gone with user education. We tell the user up front to use the same service for every visit otherwise they may create multiple accounts. We also explain what data we can and cannot retrieve from these services.

The site is not launched yet, but it will be interesting to see what the uptake on all of this is. For me, the easiest to code for has been OpenID because it gives the most flexibility from a system perspective and from the end-user perspective.
