[Python-Dev] Python wiki (original) (raw)

"Martin v. Löwis" martin at v.loewis.de
Sun Sep 26 09:12:30 CEST 2010

1) Registering via OpenID is a bit clumsy since there is a "Register" link that does not mention OpenID.

Thanks. Fixed.

2) The URL registered with the OpenID provider is a bit of a wart: "http://pypi.python.org/pypi?:action=openidreturn" vs. "http://bitbucket.org/"

You mean, as this is what the provider then shows you for confirmation?

Unfortunately, this can't be changed anymore, or many of the existing accounts break. When I started this, I was more unclear about the relationship of "realm" and "return URL" (I'm still unclear, not having used a realm yet).

3) The email I received asked me to "Complete your Cheese Shop registration" which I think is just an oversight since the relabeling to pypi.

Ok, fixed.

4) It's a bit clumsy that "Login" pops up an HTTP Authentication prompt, which is useless to someone who only has never set a password and relies only on an OpenID credential. Furthermore, the 401 page does not provide a quick way to get to use OpenID.

I think there is no way out wrt. to the basic auth prompt. I could label the "Login" link "Password login" if you think this would help. Preventing the browser from prompting the user on the chance they might want to enter an OpenID is not possible, and stopping to use basic authentication is not feasible.

In general, I am pretty happy with pypi's support of OpenID considering it allowed me to use my own provider, which often has not been the case with other sites.

I guess you are then not in the class of users Guido was referring to, but rather in the "ultra geeks" class. What regular user is actively searching for an "OpenID provider"?

If you were using your facebook account (or some such) to log in (i.e. a service that "the masses" likely use and which happens to be an OpenID provider), I'd rather add another provider icon to the front page.

Although, I think it would be nice if I didn't have to go to another page to do that, but I may be biased by having such a short OpenID URI.

This is actually deliberate. I don't want to clutter the front page with a wide entry field. And again, enjoying a short OpenID URI probably does put you in the "ultra geek" category (which I seriously don't mean as an offense).

I've learned that OpenID really is a mystery even to the fairly technical usership of PyPI. As an anecdote, a user was puzzled that, after registering the Google OpenID, all you need to do to login is to click on the google logo, and that no user interaction at all was required. This counters established expectations about security so much to actually confuse long-term internet users.

Regards, Martin

More information about the Python-Dev mailing list