A design question about OpenID

Posted 2024-08-17 04:15:51

I am building my own blog, for various reasons - mainly for experience building with various tools - but also because that way I can have a blog that thinks like me ;).

I have implemented a very narrow authentication system in which users can log in using OpenID. I have a classic login page - if a new user logs in I ask them for their name, website and email - nothing fancy here.

Now, the tricky parts come when it gets down to commenting. I wish to support the following scenarios:

  1. Anonymous comments
  2. If user is logged in, they can of course post under that account
  3. If a user is not logged in, but has an account on the site, they should be able to log in and post in 1 go
  4. If a user is not logged in - and doesn't have an account, they should be able to authenticate, fill out user information and post all in 1 go.

The first 2 are easy enough and I have got this working already. The last one is fairly straightforward - when not authenticated, users are shown a standard form with 5 inputs - OpenID, Name, Website, Email and Comment. If a user enters information into the OpenID login, I authenticate them, create a new User account and submit the comment.

It's number 3 I have issues with. Seeing as I do not know the actual OpenID URL a user has until I have authenticated them (i.e. for Google accounts everyone enters the same URL, but after authentication my site receives a different URL), I do not know if I am to ask for Name, Website, Email or not - and I am struggling with how I am supposed to present this in a proper way.

I know there is probably not a magical solution to this - but does anyone have any good ideas as to how the workflow of this process could work?

I have considered simply updating a user's profile if they have an account, but I could see that being annoying, as well as users might not be able to remember that they have an account. I simply cannot wrap my head around how to get this to work in a nice and obvious way (for the user).

Any input is greatly appreciated.

Forgot to say, the problematics can be seen running my development version of this @ http://dev.blogger.kaareskovgaard.net . Go to any of the recent nonsense posts and try to comment as an anonymous user. Then try to comment and provide an OpenID URL as well. Now if you try to comment again while being logged in you will only be asked to provide an actual comment. Lastly log out again and now enter the same OpenID URL - now you are still being required to fill out Display Name, Website and Email - this is the bit that annoys me.
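
One way to order the steps for scenarios 3 and 4, as an added example that is not part of the original post: keep the profile fields optional, authenticate first, then look the account up by the verified claimed identifier and ask for the profile only when no account exists. The function names, the session dict and the `op.example` URLs are assumptions, and verification of the OpenID assertion is assumed to be done by an OpenID library.

```python
import secrets

def begin_comment(session, form):
    """Stash the draft before redirecting to the OpenID provider.

    form["openid"] is only what the user typed (for Google, the same
    provider URL for everyone), so it is never used as an account key.
    """
    state = secrets.token_urlsafe(16)
    session["pending"] = {"state": state, "draft": dict(form)}
    return state  # round-tripped via return_to to bind the response to this draft

def finish_comment(session, state, claimed_id, users, comments, profile=None):
    """Run after the OpenID library has verified the positive assertion.

    claimed_id is the verified identifier from that assertion (assumption:
    the library checked it; verification itself is not shown here).
    """
    pending = session.get("pending")
    if not pending or not secrets.compare_digest(
            pending["state"].encode(), state.encode()):
        return "rejected"          # response does not match a draft we issued
    draft = pending["draft"]
    user = users.get(claimed_id)   # lookup keyed on the verified identifier
    if user is None:
        # Scenario 4: unknown identifier, so the profile is needed now.
        fields = profile or {k: draft.get(k) for k in ("name", "website", "email")}
        if not fields.get("name"):
            session["claimed_id"] = claimed_id  # authenticated, draft kept
            return "need_profile"
        user = users[claimed_id] = dict(fields)
    # Scenario 3 (existing account) and scenario 4 both end here.
    comments.append({"author": claimed_id, "name": user["name"],
                     "text": draft["comment"]})
    del session["pending"]
    return "posted"

if __name__ == "__main__":
    # Constructed sample data: one existing account, shared provider URL typed in.
    users = {"https://op.example/id/alice": {"name": "Alice"}}
    comments, session = [], {}
    st = begin_comment(session, {"openid": "https://op.example/", "comment": "hi"})
    print(finish_comment(session, st, "https://op.example/id/alice", users, comments))
```

When `finish_comment` returns `need_profile`, the follow-up form submission calls it again with the same `state`, the `claimed_id` stored in the session (not one sent by the browser) and the submitted `profile`.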

Comments (1)

彩虹直至黑白 2024-08-24 04:15:51

I have decided that using the above stated scheme there's no proper way of handling this. I have switched to simply letting people authenticate with OpenID and display a nice logo and their OpenID URL that they have identified with when authenticating. Keeping user profiles on the site for commentators is then simply omitted. I guess this is probably the best way of handling this either way, and I am not sure if my initial idea was any good anyway, if I had been able to find a good solution.
