tags:

views:

194

answers:

2
+5  Q: 

Using OpenID how do you handle 2 accounts with the same nick

Hi there,

If I want to provide OpenID as the only registration method available AND want to do something meaningful with the nick name, how can I handle 2 users with the same Jon Smith nickname?

Actually, when I looked at StackOverflow's URL schema I was surprised that the internal user ID was being used in the URL. For example:

http://stackoverflow.com/users/5908/z225rate

Now I realize it's probably to avoid this problem.

But this also opens a tricky scenario. What if users wants to impersonate someone else? They just need to create a fake OpenID account, copy the nick and there you go. Sure you can tell who's who looking at the OpenID url, but it's quite likely going to cause confusion among non-experienced users.

I was thinking about checking the nick during registration and forcing the user to pick up another one in case it was already in use. But then you have to keep the new nick and use it instead of the one set up in OpenID. Not nice.

Any ideas? "Don't use OpenID" is not a (valid) idea : ) I mean, it might well be that I end up not using it, but want to know how far would I have to go to make it work "properly".

Thanks!

A: 

There isn't such a thing as a fake OpenID, basically OpenID is mapping a URL space to a user, with a bit of hand off rules on how to pass data around.

Since there isn't a standard on how to form a URL for OpenID it would be a bit ugly to just slap up their full OpenID URL next to their name. Which you've already noted.

Your own internal data should always be considered more valid then the OpenID fields passed by the User. Have the user select another name if a name is already claimed by another OpenID.

Scott Markwell  2008-11-17 22:53:33
+2  A: 

You can use the nick from Open ID and default the nick choice in your system to that, but do not allow duplicates in your system, so they will be forced to choose a different nick for your system.

You could still store their Open ID nick and use it, so if you want them to be able to display their preferred nick from OpenID at all costs, for any dupe users, you could force display as "OpenID Nick (your unique nick)".

So you might have Mike (mike1), Mike (mike2), etc. for any user that prefers a nick that a lot of users want. I would think that this would discourage any users from picking a non-unique nick, since they won't want it displayed that way.

Cade Roux  2008-11-17 22:57:15

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?