Well, you have probably guessed it already: I am talking about myself, of course. Tonight I tried logging in to the excellent German event management application Wevent (see my earlier review) again. Logging in worked perfectly, just the way anyone familiar with OpenID would expect. However, my profile was gone. No friends, no events, just an empty profile, a new user.
So what went wrong? Usually I use my blog’s URL notsorelevant.com as my OpenID and delegate to my OpenID provider. This is very convenient because delegation allows me to switch providers without losing contacts and preferences at OpenID-enabled websites. I always log in with my blog’s URL, not with the OpenID of my provider. That’s pretty cool and one of the real benefits of OpenID.
But some of you might remember that I had to update the Permalink Redirect plugin to get category feeds in WordPress again. The plugin provides an option to redirect all requests to www.notsorelevant.com. So if people access the blog through notsorelevant.com, they are redirected to www.notsorelevant.com. That’s cool. Mostly.
Section 3.2.1 of the OpenID specs states:
The End User is NOT REQUIRED to prefix their Identifier URL with “http://” or postfix it with a trailing slash. Consumers MUST canonicalize the Identifier URL, following redirects, and note the final URL. The final, canonicalized URL is the End User’s Identifier.
This simply means that when I log in to Wevent with notsorelevant.com, the Permalink Redirect plugin redirects the request to www.notsorelevant.com and voilà, a different URL, a new user. Wevent is not to blame; I am. So please be careful if you use any redirection together with OpenID delegation. On the other hand, Jyte does not care whether I type notsorelevant.com or www.notsorelevant.com in the login field, even when redirection is activated. Am I missing any draft, extension or whatever of the OpenID specs?
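The effect of the canonicalization rule quoted above, as an added example that is not code from Wevent, Jyte or any OpenID library: a consumer that keys accounts on the final URL sees a new user as soon as the redirect is switched on. The redirect tables, the `login` helper and the account store are assumptions made for illustration; the redirects are simulated so the example runs offline.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed redirect tables standing in for the blog's HTTP redirects.
REDIRECTS_PLUGIN_OFF = {}
REDIRECTS_PLUGIN_ON = {"http://notsorelevant.com/": "http://www.notsorelevant.com/"}


def normalize(user_input):
    """Add the "http://" prefix and trailing slash the End User may omit."""
    url = user_input.strip()
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    path = parts.path or "/"
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))


def claimed_identifier(user_input, redirects, max_hops=5):
    """Normalize, follow redirects, and note the final URL (section 3.2.1)."""
    url = normalize(user_input)
    for _ in range(max_hops):
        target = redirects.get(url)
        if target is None:
            return url  # no further redirect: this is the End User's Identifier
        url = normalize(target)
    raise ValueError("too many redirects")


def login(accounts, user_input, redirects):
    """Hypothetical consumer: look up or create the account for the final URL."""
    ident = claimed_identifier(user_input, redirects)
    created = ident not in accounts
    accounts.setdefault(ident, {"friends": [], "events": []})
    return ident, created


if __name__ == "__main__":
    accounts = {}
    # First visit, before the redirect option was enabled.
    print(login(accounts, "notsorelevant.com", REDIRECTS_PLUGIN_OFF))
    # Same input after enabling the redirect: different identifier, new account.
    print(login(accounts, "notsorelevant.com", REDIRECTS_PLUGIN_ON))
    print(sorted(accounts))
```

Choosing the canonical host before the first login at any consumer, and leaving the redirect unchanged afterwards, keeps the final URL stable.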