[typo] OpenID authenticated comments

Patrick Lenz patrick at lenz.sh
Sun Jan 8 02:56:45 EST 2006


A couple of remarks:

It's great to see progress on authentication systems integration for
typo. However, this should never replace simple and anonymous comments
on any blog. It should be completely optional.

It also shouldn't require us to get rid of AJAX comments. Although
we've had many griefs with it in the past, it's still kind of a unique
feature that sets us apart from the competition. We should still be
able to make the redirects work through JavaScript (similar to what
Google does with its services right now where you sign in with your
Google account, get a little red 'Loading..' in the upper right
corner and are then redirected to the final, authenticated service).

Putting the OpenID token in the session will be a bit of work as with
statically cached pages the session is not available up front.
However, we could even resort to having it pre-filled in a form with
an Ajax callback if you've commented before.



On 1/8/06, Brian Ellin <brianellin at gmail.com> wrote:
> Typo developers,
>  I'm starting a Typo powered blog, and being an OpenID developer I'd like to
> launch it with OpenID authenticated comments.  This evening I hacked
> together primitive OpenID authentication within the existing comment
> framework.  It works by authenticating the URL the commenter types in the
> "Your blog" field.
>  After doing this I actually googled "typo openid" to find:
> http://scottstuff.net/blog/articles/2005/09/15/comments-for-typo
>  http://typo.leetsoft.com/trac/ticket/469
>  There appears to be sufficient interest in having OpenID enabled comments
> distributed with typo, and I have a few questions for you developers about
> how it should all work.
>  1) UI and flow
>  Before adding a comment, the user needs to be authenticated.  This could be
> done in one or two steps.  In the two step case, the user enters their
> OpenID url, is authenticated, and then may proceed to the add comment form.
> In the one step case, the OpenID field and the comment content are in the
> same form.  On submission, the comment is stored somewhere (session?), and
> then the authentication is done on the URL.  This requires a redirect to the
> commenter's OpenID server, and upon return and valid authentication the
> comment is added to the site.
>  Which of these methods best fits into Typo?  I personally like the two-step
> case, in which I can essentially be logged into the site and post other
> comments without typing my OpenID again.  In the one step case, there needs
> to be a strategy for when the user is unable to authenticate.  If the user
> cannot auth, the comment data is still stored in the session and will have
> to be GC'd.
>  2) Redirect & AJAX
>  Comments in typo are AJAX'd by default.  The OpenID protocol requires a
> browser redirect to send the commenter to auth w/ her server, and this does
> not fit well into the AJAX style of posting.
>  On an AJAX redirect, a message shows up saying something like "You are
> being redirected", where the "redirected" word is actually a link the user
> has to click to go to the redirect.  Obviously that makes for a weird user
> experience, and it'd be best if the user was just automatically redirected.
>  Positive user experience would require non-AJAX comment posting for OpenID
> authenticated comments.
>  3) How does all this fit in with the existing comment system?
>  Are the other fields necessary anymore?  Email is important, but in the
> future OpenID world it will be less important.  Name and blog URL are not
> explicitly necessary.  Personally I'd like to see just an OpenID URL field
> and the comment box (which is probably how I'll set it up on my site).
>  4) Configuration options
>  Should OpenID authentication be toggleable for comments?  Etc...
>  I'm really excited about adding OpenID authentication to Typo, and look
> forward to your thoughts on it all.
>  Have a good weekend,
>  Brian Ellin
>  http://brian.myopenid.com
>  http://openidenabled.com/


Patrick Lenz (scoop)

http://poocs.net/              # Personal Weblog
http://limited-overload.de/    # Web application development
http://freshmeat.net/          # Free software archive
http://topmedia.de/            # IT Storage Solutions
http://eins.de/                # Community portal network
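
The "one step" flow discussed in the thread above (hold the comment, redirect to the commenter's OpenID server, publish only on a valid return, garbage-collect the rest), sketched as an added example that is not part of the original messages or of Typo's code. `PendingComments`, `park`, `complete`, `sweep` and the 600-second lifetime are hypothetical; `verified_url` is assumed to come from an OpenID consumer library that has already checked the server's response.

```ruby
require 'securerandom'

# Hypothetical holding area: a comment waits here while the browser is
# away at the commenter's OpenID server.
class PendingComments
  Entry = Struct.new(:claimed_url, :body, :stored_at)

  def initialize(ttl: 600, clock: -> { Time.now.to_f })
    @ttl = ttl          # assumed lifetime of an unauthenticated comment, seconds
    @clock = clock      # injectable so expiry can be exercised without sleeping
    @entries = {}
  end

  # Store the comment and return an unguessable token to carry through
  # the redirect (for example in the session or the return URL).
  def park(claimed_url, body)
    token = SecureRandom.hex(16)
    @entries[token] = Entry.new(claimed_url, body, @clock.call)
    token
  end

  # Called when the browser returns. verified_url is the identity the
  # authentication step confirmed, or nil if authentication failed.
  # The entry is deleted in every case, so a token works at most once.
  def complete(token, verified_url)
    entry = @entries.delete(token)
    return nil if entry.nil? || expired?(entry)
    return nil unless verified_url && verified_url == entry.claimed_url
    { author_url: entry.claimed_url, body: entry.body }
  end

  # Garbage-collect comments whose authentication never came back.
  # Returns the number of entries dropped.
  def sweep
    before = @entries.size
    @entries.delete_if { |_, e| expired?(e) }
    before - @entries.size
  end

  def size
    @entries.size
  end

  private

  def expired?(entry)
    @clock.call - entry.stored_at > @ttl
  end
end
```

Comparing `verified_url` to the claimed URL by exact string match is a simplification; any URL normalization is left to the consumer library.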
