OpenID: Simple Registration and 37signals

OpenID protocol has extension called Simple Registration (sreg). It is meant to exchange some additional info about user, not only authentication info. That way user logging first time with it’s OpenID account to some service didn’t have to write again data like date of birth, country or time zone.

When I was using OpenID first time as developer I was stuck over one simple issue. Whole process was successful but for some users application did requested data via Simple Registration every time user was logging in. It took me a little time to find cause.

OpenID id is full blown URL (with additional parameters after host name), however most often used in form http://username.identity.provider.com/. My problem was when user typed URL without trailing slash. Authentication was successful, but I was checking user database against what user typed in. Since there was no such user I was requesting additional data via sreg. When authentication was successful I was creating user from data returned from OpenID provider. But this id was with added trailing slash (like I was typing in http://netmaniac.openid.pl and server returns http://netmaniac.openid.pl/). Difference is minor ;) but when I was trying to log again in user database is no http://netmaniac.openid.pl (missing trailing slash)…

I felt much better when I wanted to write bug report to 37signals (minor issue with Highrise). Well it seems that they allow to use OpenID as login but in strange way. You have to sign into 37s forum and use OpenID only as authorization service. Strange is that when You try to login with OpenID without creating account on 37signals site, it asks OpenID provider for data required to complete registration (mandatory fields) through Simple Registration and then You got Sorry, no user by the identity URL "http://netmaniac.openid.pl/" exists.

PS
As a result I did not report bug – somehow disappointed by not fully supported OpenID I lost my will to fill another account creation form ;)