The OpenID mobile experience

Two days ago, Ma.gnolia launched their mobile version, and it’s pretty awesome (disclosure: Ma.gnolia is a former client and current friend/partner of Citizen Agency).

In the course of development, Larry asked me what he thought he should do about adding OpenID sign-in to the mobile version. He was reluctant to do so because, he reasoned, the experience of logging in sucks, not just because of the OpenID round-trip dance, but because most identity providers don’t actually support a mobile-friendly interface.

Indeed, if you take a look at the flow from the Ma.gnolia mobile UI to my OpenID provider (using the iPhone simulator app), you can see that it does suck.

Mobile Ma.gnoliaiPhoney OpenID Verification

I strongly encourage Larry to go ahead and add OpenID even if the flow isn’t ideal. As it is, you can sign up to Ma.gnolia with only an OpenID (without a need for creating yet another username and password) and so without offering this login option, the mobile site would be off-limits to folks in this situation.

So there’s clearly an opportunity here, and I’m hoping that out of OpenIDDevCamp today, we can start to develop some best practices and interface guidelines for OpenID providers for the mobile flow (not to mention more generally).

If you’ve seen a good example of an OpenID (or roundtrip authentication flow) for mobile, leave a comment here and let me know. It’s hard to get screenshots of this stuff, so any pointers would be appreciated!

Author: Chris Messina

Head of West Coast Business Development at Republic. Ever-curious product designer and technologist. Hashtag inventor. Previously: (YC W18), Uber, Google.

21 thoughts on “The OpenID mobile experience”


    So, this might be a terrible idea. Or it might not.

    I could set up an identity provider that proxies to one or more other identity providers which will actually validate your credentials and talk to the consumer. My proxy provider would redirect to an appropriate provider based on some criteria. I think this is possible…

    If the criteria I use is User Agent then I would be able to use a different identity provider for my mobile use than from my desktop use. This is useful because not only do I probably want a different UI, I probably want a different security model. In the mobile case I might want to authenticate based on an SMS, my mobile browser might be able to use a client-side SSL certificate, a custom application running on my phone or some other mechanism to verify my identity that doesn’t require me trying to type my password. I might also want to keep myself logged in indefinitely on my mobile but not on my desktop.


  2. But isn’t part of the reason it sucks is that you’re passing the credentials off to a third-party site that has a different user experience than the one you came from?

    It’d be nice if MyOpenID and other providers offered iPhone/Mobile-friendly versions of their site, but I still think the underlying user experience problem with OpenID has to do with dealing with the middle man.

  3. I agree with Justin, OpenID providers need to start building out iPhone/Mobile-friendly experiences for login and completing OpenID requests. I’m guessing one provider will go do this and then the rest will rush to catch up.

  4. I think implementing OpenID into mobile sites is definitely a good idea because it keeps things simple (no I’m not bothered about the whole roundtrip business), it’s still the best way to make single sign on work on a variety of sites.

  5. Absolutely. OpenID providers should be providing mobile-friendly URLs for services like M.gnolia to point to.

    Meanwhile, I logged in via my ClaimID account and it was easy. Although, it asked for my nickname and email address again, which is a bit weird.

    (And, a related point, Chris – your OpenID login here was showing me David’s OpenID and I had a lot of trouble deleting it to write my own… In FF3b2)

  6. on my mobile i initially log into my provider and save it. then i log into the app. it makes it much easier as i dont have to go to
    provider to login everytime.

  7. What is going on ? There are plenty of “open” “decentralized” “single sign on/authentication/trust” frameworks already … Wouldn’t it be better to choose ONE and support it ? There is a case for a generic “open identification” system …

  8. Although Safari on iPhone implements all the functionality that one would expect on a mobile browser, it’s still a huge PITA to login and/or fill out a registration form using the iPhone’s keyboard.

    OpenID is a natural fit for iPhone friendly sites. It would be great if you could just reuse the same session that you have at your OpenID Provider at all the iPhone RPs that you visit. If you could just click a button to sign-in, even better.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: