OpenID on mobile
I am trying to set up OpenID authentication on the mobile version of my site (ASP.NET MVC, dotnetopenid). When I tested it before (using WAP internet, Sony Ericsson w200i), it redirected the ISP back to normal, but it was very slow from the start and then completely failed due to what I suspected was too big a page...
Does anyone know of a good way to implement OpenID for slow WAP users? Do providers provide a dedicated mobile page?
If OpenID is difficult to implement on a phone, are there any alternatives besides username and password?
There are a couple of problems that can happen on a mobile phone:
- Request size: OpenID can sometimes have a large payload. This could mean a large HTTP GET or POST URL. Aside from being a potentially slow redirect, if the RP or OP implements OpenID poorly, it could cause the browser to actually terminate the request, resulting in user breakdown. (DotNetOpenId / DotNetOpenAuth is careful with request sizes and transitions between GET and POST as needed.) To mitigate this risk and speed up your work, use only OpenID extensions and require absolutely necessary attributes.
- Incomplete JavaScript support: Some RPs and OPs rely on browser JavaScript support to aid in redirects (especially when using POST). Some phones don't support (enough) JavaScript and this will break the user experience again. Most sites and libraries (including DotNetOpenAuth) mitigate this risk by displaying a "Continue" button that the user can click if JavaScript doesn't work.
Other than that, there is nothing special about OpenID that should make it not work on the phone. One thing to keep in mind is related to the small form factor of phones: key entry is difficult, and therefore authentication cookies should probably last longer so users don't have to log in frequently (with username + password or OpenID). Plus, this is their personal phone, so keeping them on the system is not as much of a security risk as it is on a shared computer.
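The request-size and no-JavaScript points from the answer above, as an added example that is not part of the original answer and is not DotNetOpenAuth code: a Python model of an OpenID 2.0 relying party that shows how each requested Attribute Exchange attribute grows the request, and that falls back from a GET redirect to a POST form with a "Continue" button when the URL gets too long. The endpoint URLs, the 2000-character limit and the function names are assumptions.

```python
from html import escape
from urllib.parse import urlencode

MAX_GET_URL = 2000  # assumed safe URL length for a phone browser, not a library value
SELECT = "http://specs.openid.net/auth/2.0/identifier_select"
AX_TYPES = {  # attribute aliases -> axschema.org type URIs
    "email": "http://axschema.org/contact/email",
    "first": "http://axschema.org/namePerson/first",
    "last": "http://axschema.org/namePerson/last",
    "country": "http://axschema.org/contact/country/home",
    "language": "http://axschema.org/pref/language",
}

def build_params(return_to, realm, required=()):
    """OpenID 2.0 checkid_setup parameters, plus an AX fetch_request if needed."""
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "checkid_setup",
        "openid.claimed_id": SELECT,
        "openid.identity": SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    if required:  # every requested attribute adds a type URI to the request
        params["openid.ns.ax"] = "http://openid.net/srv/ax/1.0"
        params["openid.ax.mode"] = "fetch_request"
        for alias in required:
            params["openid.ax.type." + alias] = AX_TYPES[alias]
        params["openid.ax.required"] = ",".join(required)
    return params

def build_redirect(op_endpoint, params, max_get=MAX_GET_URL):
    """Return ("GET", url) when the URL is short enough, else ("POST", html)."""
    url = op_endpoint + "?" + urlencode(params)
    if len(url) <= max_get:
        return "GET", url
    fields = "".join(
        '<input type="hidden" name="%s" value="%s">' % (escape(k), escape(v))
        for k, v in params.items())
    # The visible submit button is the fallback when the script does not run.
    return "POST", (
        '<form id="openid" method="post" action="%s">%s'
        '<input type="submit" value="Continue"></form>'
        '<script>document.getElementById("openid").submit()</script>'
        % (escape(op_endpoint), fields))

# Constructed sample values (assumptions, not from the page).
OP, RETURN_TO, REALM = ("https://op.example/auth",
                        "https://m.rp.example/openid/return", "https://m.rp.example/")
```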