I just recently finished developing another website application with a mobile client (will post about it shortly) and ran into the common annoyance of how to deal with logging into your account from your mobile.
For Mapufacture Mobile we require the user to log in once, and after that we recognize their handset and don’t require login. This new site supports OpenID (coming to Mapufacture soon too), which isn’t really an option on the mobile handset. The client is through uLocate’s WHERE platform, so sharing a session cookie from a browser isn’t an option.
Add to that the similar problem of having to remember dozens of usernames and passwords for different services while you’re out and about and have a limited screen & keypad.
This seems to be exactly what OpenID was made for. I should be able to register my device to OpenID (phone number, SMS verification, simple web client) and from then on, have a single sign-in on my mobile that then authenticates any service on that connection.
OpenID Personal Directory
Not only that, but I should be able to log into OpenID Mobile and have a bookmarked list of these services. So once I log in, I can pull up my blog posting, Twitter, email, phonebook, etc.
I haven’t entirely thought through the mechanics. The concept is simple enough for web-capable phones using WebKit (iPhone) or Opera or whatever. However, how do you provide this on devices or for users that don’t have a web browser, and also enable the entire phone, not just web apps or WAP sites, as Laurent points out?
Perhaps this is where OAuth comes in. OpenID servers should provide OAuth capability. This way anyone can request a validation token that works with other OAuth or OpenID sites from my actual OpenID provider.