Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Logging in via OpenID is currently a PITA because you have to click on the "Log In using OpenID" link every time you want to log in. This patch moves that option to a more conveniently clickable checkbox (easier access with keyboard!). Additionally, it tries to log in using OpenID if the user didn't enter a password (even if the "Log in using OpenID" checkbox isn't checked). In the following is a chart that shows the new *faster* ways to login:
Comment | File | Size | Author |
---|---|---|---|
#32 | drupal8.openid-streamline.32.patch | 10.88 KB | sun |
#7 | streamline-openid_0.patch | 11.15 KB | kkaefer |
#1 | streamline-openid.patch | 11.4 KB | kkaefer |
new-openid-login.png | 58.88 KB | kkaefer |
Comments
Comment #1
kkaefer CreditAttribution: kkaefer commentedComment #2
floretan CreditAttribution: floretan commentedThis seems to be a good usability improvement. I'm not sure about trying to log in with OpenID if the user didn't check the box and also didn't enter a password. It's definitely happened to me a couple of times to enter a username and accidentally press 'enter' before entering a password, and it would confuse users if a different authentication method was tried without them knowing. Maybe this should be left out and added to a contrib module like loggintoboggan.
One confusing behavior is that when you click on the OpenID link, the form is collapsed (as if the checkbox had been clicked) before redirecting to openid.net.
Comment #3
moshe weitzman CreditAttribution: moshe weitzman commentedThis is an improvement for sure.
Perhaps you will consider another technique I have seen around the interwebs. Some sites track which login method (local vs. openID) a browser last used. And when they present the login form, it is customized for that method. Thats it - simple and helpful. It will require us to send another cookie (gasp) but I think OK.
Comment #4
lilou CreditAttribution: lilou commentedPatch no longer applied.
Comment #5
dmitrig01 CreditAttribution: dmitrig01 commentedWe should probably have a cookie library, like at the bottom of http://www.quirksmode.org/js/cookies.html.
Comment #6
kkaefer CreditAttribution: kkaefer commentedSee http://drupal.org/node/305221 for a cookie handling library.
Comment #7
kkaefer CreditAttribution: kkaefer commentedSynced with most recent version. Does not yet use cookies to automatically preselect (see http://drupal.org/node/305221 for a cookie library). I'm not sure whether preselecting OpenID when the cookie is set is really necessary.
This patch also removes the ability to log in using OpenID when specifying no password and NOT selecting the OpenID checkbox.
Comment #8
kkaefer CreditAttribution: kkaefer commentedNote that due to a bug (http://drupal.org/node/305236) it's not really possible to log in using OpenID.
Comment #9
kika CreditAttribution: kika commentedTrying to get more usability spotlight to this. As far I understand, we are talking about 2 related usability improvements:
1. Allow OpenID login using regular u / p form (did I got it right from the middle-right screenshot?)
2. Store last login method using a cookie
Improvement 2. truly makes sense, +1 from me.
But improvement 1. seems unclear to me:
- do we still want to have 2 different forms for regular login (u / p fields) and OpenID (url field) or we are trying to merge them to a single form (where username can be both drupal username and openid)? Trying to have both regular and OpenID forms accept OpenID seems weird and unintuitive for me.
So -1 for this.
PS: We need to collect best OpenID login practices.
Comment #10
kkaefer CreditAttribution: kkaefer commentedThis patch *technically* uses the same login form, but it looks differently when you select OpenID login. As soon as you click the checkbox, the password field is hidden and the username field gets a small OpenID logo. This is easier to use because you can easily toggle checkboxes with your keyboard. Please apply the patch and try for yourself.
I don't think that it's really necessary to store the last login method in a cookie, but I'm not opposed to that either.
Comment #11
moshe weitzman CreditAttribution: moshe weitzman commentedThis is an improvement. Any chance you can alter the Username field to say OpenID as its title when in that mode?
Comment #12
moshe weitzman CreditAttribution: moshe weitzman commented1 hunk failed but it is pretty big. Might have failed due to recent behaviours change. If someone can refresh the patch and implement my suggestion in #11, I will help get this to rtbc.
Comment #13
Wim LeersSubscribing.
Every time I see a Drupal web site that has OpenID logins enabled, I sigh because I know how crappy the animation works (stuff jumping around is BAD) after I've clicked the "use OpenID" checkbox. The behaviour kkaefer suggests is the one I expect: just enter your OpenID and let some JS detect that. I think storing the last login method is quite useless thanks to the behaviour I just mentioned.
I don't have the time to push this forward, but *many* thanks to those who will :)
Comment #14
Bojhan CreditAttribution: Bojhan commentedI am slighty confused how this could be more usable, scenario 1 that kika suggests. Arn't we making the whole form more clutterd if we say login using : OpenID? Wouldn't people who use OpenID, scan for the word OpenID click it and just go ahead with it? It sounds like a nice interaction, but adding another chechbox to me sounds a bit off.
There is a usability report on this :
http://developer.yahoo.com/openid/bestpractices.html
Comment #15
Wim LeersHuh? No, Bojhan, that's exactly it: you don't have to check that checkbox anymore (you do have to do that right now)! You just type your OpenID, which is an URL. As soon as the JS detects an URL, it hides the password field and checks the checkbox automatically.
As kkaefer put it:
Comment #16
alexanderpas CreditAttribution: alexanderpas commentedremember to think about C-grade browser...
also, what about people that use a url as login that isn't an OpenID
Comment #17
Bojhan CreditAttribution: Bojhan commentedWimLeers: Hehe, I was just confused - Thanks for clearing it up. Goodluck with the patch!
Comment #18
arianek CreditAttribution: arianek commentedComment #19
Heine CreditAttribution: Heine commentedA lot of users, perhaps even most, won't enter a schema and will fail the URL detection.
Comment #20
moshe weitzman CreditAttribution: moshe weitzman commentedAny of the improvements discussed here would be a welcome improvement over the nil improvement we have today. Anyone up for reviving this?
Comment #21
arianek CreditAttribution: arianek commentedindeed. kkaefer's work here is a huge improvement... i wonder if walkah ever caught wind of it. /me attempts to ping...
Comment #22
kkaefer CreditAttribution: kkaefer commentedNote that the patch I posted violates the OpenID user agent guidelines because it renames the text field for the OpenID. According to http://openid.net/specs/openid-authentication-2_0.html#initiation, it should retain the name "openid_identifier".
Comment #23
Heine CreditAttribution: Heine commentedRelated (after #3) #742366: Better UX for OpenID users.
#19 is probably not relevant as the checkbox is still there.
Comment #24
Taxoman CreditAttribution: Taxoman commentedIt would be practical for the administrator of many web sites if the default could be set through admin pages.
For example a way to _only_ provide openid login (requirement), for sites that are for example internal and invitation-only and/or where an administrator is creating user accounts on request. Those cases should only show the OpenID field and hide the username and password fields.
Comment #25
Damien Tournoud CreditAttribution: Damien Tournoud commentedIt's now too late for D7.
Comment #26
arianek CreditAttribution: arianek commented@taxoman, that should probably be filed as a separate issue (and noted here)
Comment #27
Leeteq CreditAttribution: Leeteq commentedNew feature request registered here:
"OpenID-only login with optional provider restrictions"
http://drupal.org/node/955900
Comment #28
Heine CreditAttribution: Heine commentedDanielTheViking - please refrain from adding unrelated issues here.
Comment #29
Francewhoa+1 subscribing
Comment #30
mlncn CreditAttribution: mlncn commentedDefinitely need this; at least this!
Comment #31
Dane Powell CreditAttribution: Dane Powell commentedsub... would definitely like to see more respect paid to OpenID and its users...
Comment #32
sunRe-rolled against HEAD.
Note: I didn't test the functionality.
Comment #34
arianek CreditAttribution: arianek commented#32: drupal8.openid-streamline.32.patch queued for re-testing.
Comment #37
Gábor HojtsyPer #556380: Remove OpenID from core