[TYPO3-dev] Backend login form / OpenID field

[Christian Weiske]

Hi,


While talking with Helmut about my OpenID patches yesterday, he said
that it still has to be possible to use an OpenID without
protocol/schema: "cweiske.de" instead of "http://cweiske.de" in
the OpenID field.

With my patch[1,2] this is not possible anymore - I don't know if it's
an OpenID beforehand, so I need to detect it somehow.

I can think only of two solutions to this problem:

1. Use a hidden field that tells the login service "this is an OpenID"
2. Use a different field name for the OpenID URL, thus detecting it
   that way. This approach would also allow us to implement a
   recommendation in the OpenID spec; OpenID fields should have the
   name "openid_url".

What would you prefer, and why?

----

Another issue is frontend integration. If we exclusively use a new field
name now, existing FE login forms utilizing OpenID fail.

There are also two ways we can handle this problem:

1. Still accept OpenID URLs in the username field, but only if they are
   URLs with a protocol (http:// or https://). This would keep not
   full, but enough backwards compatibility - but make the code not
   exactly cleaner.
2. Don't care about it and break the custom forms. People would be
   required to change the field names to "openid_url", which in turn
   makes it impossible to use the same field for username and OpenID
   login at the same time.
   On the other hand, if we just had the hidden "login mode" field, the
   field's name could stay the same, and a checkbox/radio button
   will have to be added.


[1] http://forge.typo3.org/issues/25322
[2] https://review.typo3.org/21373

-- 
Regards/Mit freundlichen Grüßen
Christian Weiske

-= Geeking around in the name of science since 1982 =-