OpenID on Mobile Devices
I’ve recently been playing around with a new idea for a mobile web application and was looking forward to pushing the OpenID cause with it. This is my first attempt at using OpenID for sign on and probably my last for a while. In principle, I’m all for it. Even with the potential flaw of someone getting access to several of your accounts with just one set of credentials, it’s always felt like an obvious missing technology on the web and I’m glad to see it get some momentum.
I’m a big mobile application fan and it feels as though there’s a lot of buzz around them this year. As mobile devices get better and location-aware platforms such as Yahoo’s FireEagle begin to emerge, I think everyone has a head full of cool ideas. However, I found out that OpenID and mobile applications aren’t the best match. If you’ve played with OpenID already you’re probably familiar with some of the potential pitfalls. Here are some of the biggies I found while using it with my mobile app.
As with any web application consuming an OpenID, you briefly lose control of what the user is seeing to the provider. In my experience, this isn’t a huge issue and the process is fairly straightforward. In the case of a mobile application, however, it’s pretty important that we ensure what the user sees is mobile-friendly. I’m yet to find a major provider churning out acceptable mobile versions of their sign-in process. Anyone who has tried using a mobile site on a phone knows that they want the whole process to be simple, preferably with as little data use and cumbersome keypad typing as possible. This is a showstopper for me until a majority of providers are showing full mobile support. Even if mobile-friendly providers started turning up, you still can’t ensure that your users will be using one.
Let’s assume we’ve finally got a nice mobile-friendly OpenID provider that you’re quite happy to relinquish control to for logins, marvellous! The next frustration I found myself facing is the sheer extra effort of typing in a URL for a user name. Most phones will try to help you out with some shortcuts when they know you’re entering a URL to browse to, but your standard text input on a phone won’t make entering a URL very easy. It’s just an extra annoyance.
Finally, I realised that any existing web site already accepting OpenID that wanted to develop a mobile version wouldn’t be able to avoid these problems. If you have started accepting OpenID, you’re locked in (unless you really want to confuse users). For now, I’d recommend holding out on OpenID in your mobile applications.