All in the <head> – Ponderings and code by Drew McLellan –

Why Your Forum Software Needs OpenID

OpenID has been getting a lot of press lately, and rightly so. It really is a sea change in way user accounts for applications and services work. (If you’re not familiar with OpenID yet, check out this screencast by Simon Willison). One day in the hopefully not-to-distant future, we’ll be looking back and remembering what a pain it was when we used to have a separate username and password for every system we needed to access.

Which brings me onto web-based forum software. Forums sometimes do exist on their own as a stand-alone entity, but the more common scenario is for a forum to exist as an enclave within a larger site or service. No one wants to custom write forum software when there’s already dozens of really good systems out there – you’ve simply got better things to do.

The classic problem with dropping in an off-the-shelf forum is that forums require user accounts. If you site also requires user accounts and awkward situation arises. Either you need to require that the user signs up for two different type of accounts, or you need to engineer some kind of interface between the two systems to share that account information. The latter often limits you to choosing forum software that is going to be compatible enough to allow that to happen. One site I use channels traffic through a page with a form you have to submit to ratify your site account with the forum account each and every time you visit their forums.

So how does OpenID help? Most forums accounts are incredibly lightweight. You need to be able to track a user around the forum (so that their posts can be associated with one another), maybe give them some configuration options and apply any moderation that your situation requires. I don’t think there’s anything there that can’t be satisfied with a the OpenID Simple Registration Extension. Plus if your forum runs on the same domain as your site, and your using OpenID there too, the user may well have pre-authorised the whole thing already. As both systems will be using OpenID, you have a unique key that enables you to associate forum users with site users should you need to.

At last that sounds like a pretty good solution for dropping a third-party forum into a site that already has user accounts. So the question remains – if I’m already using OpenID or am even vaguely considering using it in the future, why would I choose forum software without this capability? Even if I was planning to do lower-level custom integration work between the two systems, having a common ID on both has to make that much easier. Basically, if there’s no OpenID support, I just don’t want to know.

So who’s has support currently? Using the HighriseHQ Forums I noticed that Beast supports OpenID. Beast is a Rails app, so probably not convenient unless you’re already running Rails for something else. There’s a phpBB project underway to provide OpenID in the popular PHP-based package. Those are just two I’ve spotted – if you know of more, please leave a comment. My personal hope was that Vanilla would have support soon, but it seems like although it would be easy to do, they just don’t care which is a real shame. There’s a good opportunity there for someone familiar with PHP and the Vanilla codebase. (Update: development of an OpenID add-on for Vanilla is now being reconsidered. Thanks guys!)

(And yeah, I know I should have OpenID on this site too. I’m due a rebuild … more on that in a future post.)