Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

A note about simple registration

Simple registration is an extension that allows OpenID consumers to ask your provider for extra information—your name, e-mail address, date of birth and so on.

Unfortunately, the spec often causes confusion for implementers. Here’s the tricky part:

openid.sreg.required:
Comma-separated list of field names which, if absent from the response, will prevent the Consumer from completing the registration without End User interaction.
openid.sreg.optional:
Comma-separated list of field names Fields that will be used by the Consumer, but whose absence will not prevent the registration from completing.

This is often interpreted as meaning that you can pass along a list of required fields and be guaranteed that they will be handed back to you. This is not the case: some providers (idproxy.net for example) don’t support simple registration at all; others (like WordPress.com) only support a subset of the fields, since they don’t store details such as the user’s postcode. If your provider insists on certain values being returned by simple registration, some of your potential users will be unable to sign in.

The misunderstanding stems from the definition attached to the required field. When you make a simple registration request, you’re providing advice to the provider. You’re essentially saying that the user is going to have to provide this data eventually in order to register with your service, so it would be really handy if the provider could send it over to you. If they don’t, your application will have no choice but to ask the user for it directly.

In other words, even if you specify required values you shouldn’t expect them to come back every time.

By far the best way to use simple registration is as a way of pre-filling a signup form for your user. Many applications ask the user to complete a short registration form the first time they sign in with their OpenID. Use simple registration to pre-fill some of those form values—that way, if it’s not available (or some of the values are missing) your application logic doesn’t really care, it’s just one more form field that the user will have to complete themselves. Ma.gnolia.com is a great example of a site that does the right thing.

See also this thread on the mailing list from back in March.

Posted 30th June 2007 at 9:28 pm

This is A note about simple registration by Simon Willison, posted on 30th June 2007.

Tagged , , , ,

View blog reactions

Next: jQuery for JavaScript programmers

Previous: Doing Local Right

7 comments

  1. Sudokular supports a few of the attributes and will read in the sreg attributes from your provider. We used this when testing external integrated sites.

    Sudokular supports SReg well enough. - 1st July 2007 01:32 - #

  2. I will try to implemate the extention. Thanks fo the info. Jim

    Rackjobbing - 2nd July 2007 02:18 - #

  3. Hi,
    This is really helpful.
    Cheers!
    Ray

    Web Development - 16th July 2007 13:16 - #

  4. Yeap, I failed this test of intelligence for my app. I assumed I'd get a nickname and an email for each new user, and then did clever things to autogenerate a login for them, and let them use the app straight away.

    First user to come along didn't have the values in their profile, and the app came crashing down for them. DOH! :)

    Dr Nic - 20th July 2007 15:09 - #

  5. Thx for this post!

    greetings

    tanie projektowanie www - 29th July 2007 07:42 - #

  6. Good work,thanks for your articles!keep update!

    cnlogistic - 8th August 2007 15:28 - #

  7. It's pretty unfortunate that the openid provider with the most openids offers such a limited service. AOL doesn't seem to support sreg at all

    sandro - 15th August 2007 02:24 - #

Sign in with OpenID

Auto-HTML: Line breaks are preserved; URLs will be converted in to links.

Manual XHTML: Enter your own, valid XHTML. Allowed tags are a, p, blockquote, ul, ol, li, dl, dt, dd, em, strong, dfn, code, q, samp, kbd, var, cite, abbr, acronym, sub, sup, br, pre

A django site