Super Volatile

Krzysztof Szafranek's link blog

Hi, I'm Krzysztof and I make websites.
When I'm not making websites, I read these.
 
Dec 22, 2010 / 2:27pm

Open ID Is A Nightmare

People would login successfully once, pay for a subscription, then login later and the sub would be gone. Turns out that Yahoo and Google have a different idea about what Open ID is supposed to do - because the the Identifier used for these users would change based on... some voodoo (sorry, but that's all I can deduce).

All of a sudden Google (by far our most popular provider) would change the token (the encrypted value on the end of the Open ID) and boom - you're completely lost to us. We have no other way of knowing who you are - and more than once I've had to track people by their PayPal accounts (we track the transaction ids - which we can look up through PayPal to find out who you are).

more on blog.wekeroad.com

Open ID was taunted to be a solution to the web authentication hassle. It turned out to introduce its own problems, however, as this story shows.