I am trying to set up OpenID authentication on a mobile version of a site of mine (ASP.net MVC, dotnetopenid). When I tested it out earlier (using WAP internet, Sony Ericsson w200i) it redirected to the provider OK but was very slow to start with, then failed completely due to what I suspect was a too large page.

Does anyone know a good way to implement OpenID for WAP users with a slow connection? Do any providers provide a specialised mobile page?

If OpenID is difficult to implement on a phone, are there any alternatives apart from username and password?

+1  A: 

I've gotten it to work very well on an iPhone. I lack other testing platforms though.

Jarrett Meyer
Did you do anything differently than you would if it were designed for a PC?
@briggins5 Nothing differently at all. The iPhone followed all of the redirects as expected. I just asked my boss to test it on his BB Storm, and he reports that it also worked just fine.
Jarrett Meyer
OK, thank you. Out of interest what provider was it? I have tried MyOpenID and Yahoo and both failed.
briggins5, I have gotten it to work with both MyOpenID and Google.
Jarrett Meyer
OK, thank you for trying it. It must be my phone.
+2  A: 

There are a couple problems that could happen on a mobile phone:

  1. Request size: OpenID can at times carry a large payload. This might mean a large HTTP GET URL or a POST. Besides making it potentially a slow redirect, if either RP or OP implement OpenID poorly, it can cause the browser to actually abort the request, causing the user experience to break. (DotNetOpenId/DotNetOpenAuth is careful with the sizes of requests and jumping between GET and POST as needed). To mitigate this risk and speed things up, only use OpenID extensions you need and only request attributes you absolutely require.

  2. Incomplete JavaScript support: some RPs and OPs rely on JavaScript support in the browser to assist in the redirect (particularly when POST is used). Some phones don't support (enough) JavaScript and this again will break the user experience. Most sites and libraries (including DotNetOpenAuth) mitigate this risk by displaying a "Continue" button the user can click if JavaScript doesn't work.

Other than that, there's nothing really special about OpenID that should make OpenID on the phone not work. One thing to keep in mind though is due to the small form factor of phones, key entry is difficult, and so authentication cookies should probably last longer so users don't have to log in (whether with username+password or OpenID) as frequently. Also, it's their personal phone, so it's not as much of a security risk to keep them logged in as a shared computer.

Andrew Arnott
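
The two points in the answer above (request size and the non-JavaScript fallback), as an added sketch that is not part of the original answer and is not DotNetOpenAuth's code: the RP sends the OpenID 2.0 request as a GET redirect while it fits in a URL, and otherwise as a POST form that carries a plain "Continue" button. The function names, the 2048-character limit, the `op.example` / `rp.example` hosts and the `schema.example` attribute URIs are assumptions made for the illustration.

```python
import html
from urllib.parse import urlencode

MAX_GET_URL = 2048  # assumed limit; tune for the handsets you support

def build_indirect_request(op_endpoint, params, max_url=MAX_GET_URL):
    """Return ("redirect", url) when the request fits in a GET URL,
    otherwise ("form", html) with a POST form that works without JavaScript."""
    sep = "&" if "?" in op_endpoint else "?"
    url = op_endpoint + sep + urlencode(params)
    if len(url) <= max_url:
        return "redirect", url
    fields = "\n".join(
        '<input type="hidden" name="%s" value="%s">'
        % (html.escape(k, quote=True), html.escape(v, quote=True))
        for k, v in params.items()
    )
    page = (
        "<!DOCTYPE html>\n<html><body>\n"
        '<form id="openid" method="post" action="%s">\n%s\n'
        # Always-visible button: the fallback when the script below never runs.
        '<input type="submit" value="Continue">\n</form>\n'
        '<script>document.getElementById("openid").submit();</script>\n'
        "</body></html>" % (html.escape(op_endpoint, quote=True), fields)
    )
    return "form", page

# Constructed sample request: the core OpenID 2.0 fields an RP sends.
BASE = {
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "checkid_setup",
    "openid.claimed_id": "http://specs.openid.net/auth/2.0/identifier_select",
    "openid.identity": "http://specs.openid.net/auth/2.0/identifier_select",
    "openid.return_to": "https://rp.example/openid/return",
    "openid.realm": "https://rp.example/",
}

def with_ax(base, aliases):
    """Add an Attribute Exchange fetch request; type URIs are constructed."""
    req = dict(base)
    req["openid.ns.ax"] = "http://openid.net/srv/ax/1.0"
    req["openid.ax.mode"] = "fetch_request"
    for a in aliases:
        req["openid.ax.type." + a] = "http://schema.example/attr/" + a
    req["openid.ax.required"] = ",".join(aliases)
    return req

if __name__ == "__main__":
    for aliases in (["email"], ["a%02d" % i for i in range(40)]):
        kind, body = build_indirect_request("https://op.example/auth", with_ax(BASE, aliases))
        print(len(aliases), "attribute(s):", kind, len(body), "chars")
```

Requesting one attribute stays a short GET redirect; requesting forty pushes the same request into the heavier form page, which is the cost the answer suggests avoiding on slow connections.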