bchaffee / google-app-engine-samples

Automatically exported from code.google.com/p/google-app-engine-samples
0 stars 0 forks source link

Confusing screen when mismatched openid url is used #11

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
for a user who has authenticated with a user account, say, "foo@gmail.com"; 
and for any reason, he tries to login Open ID with his "bar@gmail.com", 
i.e. with identifier http://openid-provider.appspot.com/bar, he'll see a 
screen as attached.

There are a few problems:
1. given the user try to authenticate as another user, there is no 
indication of authentication failure to both the user and the relaying 
party

2. links like MyAccount, Download Source, OpenID are confusing and may lead 
the user to elsewhere. In the latest Yahoo OpenID usability report, it is 
indicate those are evil.

3. as suggested in the google's Usability Research on Federated Login 
report, the user may login with an email address. i suppose the relaying 
party should convert the email to OpenID URL, so the user actually do not 
use OpenID URL, and the message on screen about "Just enter http://openid-
..." may give the user no clue of what's going on.

4. I wonder the Recent OpenID Requests is broken. even if it is not, it's 
quite confusing.

5. The confirmed, Remembered, Declined buttons are broken. they are never 
clickable. and don't know what are they about.

I wonder if i have get to the wrong place to look for google's openid 
support. is it really the official Google OpenID provider site?!

Original issue reported on code.google.com by mingfai...@gmail.com on 1 Nov 2008 at 9:26

Attachments: