Tuesday, December 13, 2005

Federated log-in & email validation

While playing around with an OpenID identity I received from Videntity, I saw an interesting artifact of the federated log-in mechanism.

At LiveJournal, I opted to sign in with my Videntity Open ID instead of using my local account. Everything worked great, I was redirected to Videntity, there I logged in, and was then redirected back to LiveJournal as my OpenID identity.

However, when I clicked on 'Manage My Account' at LiveJournal, I saw the following

Because my account at LiveJournal was virtual, there was no email that would have been validated through the normal registration process. When I clicked on the 'Not Validated' string, I saw this

LiveJournal didn't have an email for me so it tried to create one.

This is of course in no way specific to OpenID but just reflects how LiveJournal's account management mechanisms assumed an old-style account in which I would have supplied an email at registration.

If I had instead supplied my email to Videntity, then (assuming I authorized its release) it could have been passed to LiveJournal and there would have been a validated email for me (albeit validated by Videntity) for LiveJournal to display.

No comments: