A note about simple registration
30th June 2007
Simple registration is an extension that allows OpenID consumers to ask your provider for extra information—your name, e-mail address, date of birth and so on.
Unfortunately, the spec often causes confusion for implementers. Here’s the tricky part:
- openid.sreg.required:
- Comma-separated list of field names which, if absent from the response, will prevent the Consumer from completing the registration without End User interaction.
- openid.sreg.optional:
- Comma-separated list of field names Fields that will be used by the Consumer, but whose absence will not prevent the registration from completing.
This is often interpreted as meaning that you can pass along a list of required fields and be guaranteed that they will be handed back to you. This is not the case: some providers (idproxy.net for example) don’t support simple registration at all; others (like WordPress.com) only support a subset of the fields, since they don’t store details such as the user’s postcode. If your provider insists on certain values being returned by simple registration, some of your potential users will be unable to sign in.
The misunderstanding stems from the definition attached to the required field. When you make a simple registration request, you’re providing advice to the provider. You’re essentially saying that the user is going to have to provide this data eventually in order to register with your service, so it would be really handy if the provider could send it over to you. If they don’t, your application will have no choice but to ask the user for it directly.
In other words, even if you specify required values you shouldn’t expect them to come back every time.
By far the best way to use simple registration is as a way of pre-filling a signup form for your user. Many applications ask the user to complete a short registration form the first time they sign in with their OpenID. Use simple registration to pre-fill some of those form values—that way, if it’s not available (or some of the values are missing) your application logic doesn’t really care, it’s just one more form field that the user will have to complete themselves. Ma.gnolia.com is a great example of a site that does the right thing.
See also this thread on the mailing list from back in March.
More recent articles
- ChatGPT Canvas can make API requests now, but it's complicated - 10th December 2024
- I can now run a GPT-4 class model on my laptop - 9th December 2024
- Prompts.js - 7th December 2024