[ckan-dev] thedatahub.org login failure

Tue Oct 25 17:06:30 UTC 2011

On 25 October 2011 16:09, Tom Morris <tfmorris at gmail.com> wrote:
> Thanks for the quick help.
>
> On Tue, Oct 25, 2011 at 8:41 AM, Rufus Pollock <rufus.pollock at okfn.org>
> wrote:
>>
>> On 24 October 2011 20:30, Tom Morris <tfmorris at gmail.com> wrote:
>> > When I attempt to log in to thedatahub.org using my Google account, I
>> > get
>> > redirected to the OpenID authorization page, authorize the access, but
>> > then
>> > when redirected back to thedatahub.org, I get Login failed. Bad username
>> > or
>> > password. on the page at http://thedatahub.org/user/login
>>
>> Do you already have an account on thedatahub.org. We have recently
>> changed so that you can't login in via openid without already having
>> an account (it's the only way we have essential stuff like a decent
>> username for you and an email!).
>
> That kind of defeats the whole point of OpenID.

Perhaps but to be honest we have found OpenID a real problem in all
kinds of ways. Emails are sort of essential for standard things like
mailing your users about news or events. OpenID does not give us this
(OpenID has extensions that give us this info but they aren't hugely
reliable across providers). Another problem: OpenID provides no way to
give us decent user name info (again its fixable do stuff post login
but a PITA for us and users). Another problem: lots of people find the
UX of OpenID a nightmare. etc etc.

If you want more on this see:

<http://productblog.37signals.com/products/2011/01/well-be-retiring-our-support-of-openid-on-may-1.html>

And links therein e.g.

<http://www.quora.com/What-s-wrong-with-OpenID>

>> > The URL for the authorization page is:
>> >
>> > https://accounts.google.com/o/openid2/auth?openid.ns=http://specs.openid.net/auth/2.0&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.realm=http://thedatahub.org&openid.assoc_handle=AOQobUcHvtS0gIYVpsA8bQy1VOBz5qrOIyoHTgowRxSFamyD35A2TQY1&openid.return_to=http://thedatahub.org/login_openid?janrain_nonce%3D2011-10-24T19%253A21%253A27Z62ylbi&hl=en-US&from_login=1&as=-692ca192f363e731&pli=1
>>
>> My guess is the classic problem we have google and openid login (and
>> why we are strongly minded to deprecate openid entirely): google's
>> openid identifier is per website and because ckan.net now redirects to
>> thedatahub.org it is not recognizing you.
>
> It seems like a step back to delete a feature like OpenID.

See above. Also we're not deleting it. But we are requiring you to get
an account first.

> I checked and it was going to thedatahub.org directly.  I had granted access
> to that and two different CKAN addresses (ckan.net and one other that I
> didn't note before I revoked it).
>
>> > Any idea what is going on here or what I can do to fix it?  In case it
>> > helps
>> > track this down, I think these are some of my historical edits (before
>> > the
>> > move to the new thedatahub.org
>> > domain): http://thedatahub.org/user/e0b6cba4-91e5-4312-8740-de1a2b9bcc7b
>>
>> OK, so I (any other sysadmin could do this) have changed your username
>> to tommorris. I will send you password via email. You could then login
>> and associate openid with your account (put it in openid field) though
>> issue with google is you don't know what it is before logging in with
>> it (your existing openid is already there).
>
> Not to look a gift horse in the mouth or anything, but if that account name
> is visible anywhere it will probably confuse people since that's the account
> name that the English Tom Morris uses (and he's a likely potential visitor
> to CKAN).

OK, well you can change your username (go to your profile page) -- btw
this isn't generally recommended but in this circumstance go for it.

> Anyway, after all this, Google's OpenID is still giving the same error
> despite my revoking and regranting access to thedatahub.org.  Unless you can
> think of anything else, I guess I'll just assume my previous edits will be
> unattributed and plan to log in using a password from now on.

We'll sort out attributing your edits :-) but yes loging in via
username / password is going to be better than google openid.

Rufus

> Thanks for your help.
>
> Tom
>

-- 
Co-Founder, Open Knowledge Foundation
Promoting Open Knowledge in a Digital Age
http://www.okfn.org/ - http://blog.okfn.org/