People don’t really like to register. You generally have to come up with a username and password, go to your email, wait for the message, open it, click the account activation link, and then not forget that username and password. But there is a way to make all these steps unnecessary. Moreover, you don’t have to type anything on the keyboard: 2 clicks and that’s it, the person is registered.
What is the most common item on a startup’s to-do list? I think it is something like this: "We plan to add OpenID login." Why don’t they do it? Because it seems unnecessary: nobody knows about OpenID, nobody needs it. I have the impression that login or registration via OpenID is usually added to show off the technological sophistication of the project. But OpenID can be an extremely useful thing that simplifies people’s lives and increases the number of users of a resource. Here is my vision of how to use this technology correctly.
To begin with, the facts:
- The users of yandex.ru, rambler.ru and gmail.com together cover a very large percentage of Runet users. The only major mail service missing here is mail.ru.
- Yandex.ru, rambler.ru and gmail.com are OpenID 2.0 providers.
- To authenticate via OpenID 2.0, the user does not have to type anything at all if the site knows the OpenID provider and the user is logged in at that provider. With OpenID 2.0, the server address is the same for all users (no username appears anywhere in the URL).
- Users don’t know (and don’t want to know) what OpenID is. Well, maybe 1% have heard somewhere that it’s some obscure geek thing.
What follows from this:
In Russia (and in the CIS) it is quite possible to consider only 3 OpenID providers: the above-mentioned yandex, gmail and rambler. If you give users a choice of these 3 providers, then with high probability a person will have an account with one of them. The user chooses their provider from these 3 (1 click), and the site now knows which URL to use for OpenID authentication. The normal OpenID authentication procedure can then be performed. If the user is already logged in at the provider, they confirm the authentication (1 more click). If not, they log in first (this differs from person to person; in the best case it is 1 click, with the login and password filled in by the browser) and then confirm the authentication.
What we have: initial authentication in 2 clicks (if the user is logged in to their mail). The site can then either register the user or log them in. The site can get additional data for registration (if needed) via SREG, hCard or AX, and something can be extracted from the OpenID login itself (the user does not need to do anything for any of this). If something else needs to be filled in, ask the user for it afterwards. Note that you will potentially need to ask for less than you would with normal registration.
Repeated logins will happen in 1 click (if the user pressed "remember link" during authentication), just as with a login-password pair autofilled by the browser. And, of course, there are cookies to remember that the user is logged in.
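The flow described above, as an added example that is not from the original post or from pip.ec’s code: it builds the directed-identity (`identifier_select`) request for the clicked button and checks the provider’s answer before the site trusts it. The provider URLs are placeholders, the function names are hypothetical, and `mac_key` is assumed to come from an HMAC-SHA256 association made with the provider beforehand.

```python
import base64, hashlib, hmac, time
from calendar import timegm
from urllib.parse import urlencode

NS = "http://specs.openid.net/auth/2.0"
# Placeholder endpoints (assumption): use each provider's real OP endpoint URL.
PROVIDERS = {"yandex": "https://op-yandex.example/server",
             "gmail": "https://op-gmail.example/server",
             "rambler": "https://op-rambler.example/server"}
REQUIRED = {"op_endpoint", "return_to", "response_nonce",
            "assoc_handle", "claimed_id", "identity"}

def build_auth_url(button, return_to, realm, assoc_handle):
    """Redirect target for the clicked button; the user types no identifier."""
    q = {"openid.ns": NS, "openid.mode": "checkid_setup",
         "openid.claimed_id": NS + "/identifier_select",
         "openid.identity": NS + "/identifier_select",
         "openid.return_to": return_to, "openid.realm": realm,
         "openid.assoc_handle": assoc_handle,
         "openid.ns.sreg": "http://openid.net/extensions/sreg/1.1",
         "openid.sreg.optional": "email,nickname"}
    return PROVIDERS[button] + "?" + urlencode(q)

def sign(p, signed, mac_key):
    """Base64 HMAC-SHA256 over the key-value form of the signed fields."""
    kv = "".join(f"{k}:{p['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest())

def verify_response(p, button, return_to, mac_key, seen_nonces, now=None, skew=300):
    """Return (claimed_id, signed SREG fields) or raise ValueError."""
    signed = p.get("openid.signed", "").split(",")
    if p.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    if not REQUIRED <= set(signed) or any("openid." + k not in p for k in signed):
        raise ValueError("required field missing or unsigned")
    if p["openid.op_endpoint"] != PROVIDERS[button]:
        raise ValueError("assertion is not from the provider the user picked")
    if p["openid.return_to"] != return_to:
        raise ValueError("return_to mismatch")
    if not hmac.compare_digest(sign(p, signed, mac_key), p.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    nonce = p["openid.response_nonce"]
    ts = timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
    if abs((now or time.time()) - ts) > skew or nonce in seen_nonces:
        raise ValueError("stale or replayed nonce")
    seen_nonces.add(nonce)
    # Only SREG values covered by the signature are trustworthy.
    sreg = {k[5:]: p["openid." + k] for k in signed if k.startswith("sreg.")}
    return p["openid.claimed_id"], sreg
```

A full consumer also performs discovery on the returned `claimed_id` to confirm that the endpoint is authoritative for it, which a maintained OpenID library does for you.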
Now about the interface.
It seems to me that teaching users what OpenID is is a dead end. And we should assume that even just using the unfamiliar word "OpenID" can scare away the average person. The average user has a mailbox and an account on VKontakte or Odnoklassniki, and that’s all. There’s nothing wrong with my sister not wanting to get into some obscure stuff with strange names (such as OpenID); it’s perfectly normal. Most people, I think, will never know what OpenID is at all. This is the premise I propose to build the user interface around.
Here is my version of this interface:
This is actually the registration/authorization form on the site pip.ec. The user does not need to check email, activate the account, or come up with a username and password. Moreover, in a lucky case, you don’t need to type anything at all on the keyboard: 2 clicks of the mouse and that’s it, the person is registered.
But all this is theory, and it raises various questions (whether people are afraid of being sent to another site, whether people will press "authorize", etc.) that can only be answered in practice. So what happens in practice?
In addition to registration by OpenID, the site pip.ec also offers normal registration. The statistics are as follows: more people registered with the help of OpenID than in the usual way. There is not a single mention of the word OpenID on the site. Very few people who register the usual way have mail on gmail, yandex or rambler. Of those who register the usual way, half are mail.ru users.
The upshot of all this is that OpenID 2.0, when handled correctly, makes life easier for users and increases the number of registrations. There is nothing geeky or marginal about it, in the sense that users do not need to know that they are registering via OpenID.
Implementation, technical details
About the implementation. First, a little reference: OpenID provider addresses (remove the underscores):
Second, about OpenID libraries. I’m sure there are plenty of libraries supporting OpenID 2.0 for different languages; if you list them in the comments, I will add them here. I have everything written in Django, but the code is a bit specific and I haven’t split it out into a separate application. For Django I would suggest trying the new project Alexander Koval wrote (I haven’t tried it myself), or this good app: django-authopenid, or this one: scipio.
Third, for anyone interested, I highly recommend the blog and forum about OpenID from Ivan Sagalaev (who, by the way, also threatens to release a correct OpenID consumer for Python/Django in the near future). If something about OpenID is not clear, read the article from there: OpenID: myths and superstitions; there was already a link to it once on Habr.
Nothing I’ve written here is news; I just decided to systematize it all a bit and bring it to a larger audience. The thing is that, yes, it all seems to be nothing new, but we don’t see projects that use this approach.
And also, an appeal to the mail.ru team. Maybe one of them will read this article. Please become an OpenID 2.0 provider. Sooner or later, developers will figure out the trick and build more mass-market sites with three buttons: "yandex, gmail, rambler". Everyone, mail.ru, users and developers alike, will be better off if there are 4 buttons instead of 3: "yandex, gmail, mail, rambler".
If you also think that it would be great if mail.ru became an OpenID 2.0 provider, you can write more letters to the technical directorate of mail.ru; the address is here: corp.mail.ru/contacts.html