Cross-application authentication

I’m beginning work on a new web project that will be using two third-party applications, WordPress and MediaWiki. I’ve realized that the downside to using two separate applications is the need for two separate logins to fully use all of their features. This is something I’ve experienced, having to use multiple logins on a single site, but this is the first time I’ve run into it in something I’m working on myself.

An example: someone wants to post a comment on an article. They’ll first have to create an account on the WordPress part of the site. At some point after that, they want to contribute something to the wiki. They’ll need to create another login for that part of the site. All this hassle, even though the two applications are part of the same site. Two logins means two passwords, and the possibility that their preferred username is available in one place but not both, meaning they can’t use the same ID across the whole site. It’s a headache and I’m afraid it may discourage people from participating. I’ve been googling around a bit in the hopes that someone has managed to hack the two together. So far I’ve found a few other people who would like to do this, but none who actually have.

This is exactly the problem that projects like Typekey and OpenID were created to solve. Unfortunately, neither of them are in widespread use yet. The next version of WordPress will support OpenID, and the MediaWiki developers are working on some sort of single sign-on system that can be used across all MediaWiki sites, but haven’t yet promised that it will work with anyone else.

According to Brad at LiveJournal, who created OpenID, As time goes on, there’s rumors of upcoming support in Movable Type, WordPress, MediaWiki…, which is a good sign. There will also be some sort of compatibility between OpenID and Typekey, but I’m not sure how that will work, exactly. Typekey is owned by Six Apart, who also owns LiveJournal, so I’m sure we can expect something workable. That doesn’t help us now, however.

I haven’t looked at the code, but I wonder how hard it would be to abstract out the authentication functions of the two applications and have them use a single database table?


anildash says:

“Unfortunately, neither of them are in widespread use yet.” Actually, OpenID is enabled for all LJ users now, and will be available on TypeKey in a few weeks. Together, that’s over 10 million users who are OpenID enabled. I think that’s widespread, right? :)

kchrist says:

That’s a huge number of potential users, sure, but the important question is “How many third-party applications and services are using it?” At this point it’s pretty much limited to LJ and MT/TypePad users (please correct me if I’m wrong about TypeKey adoption).

It turns out that the WordPress guys are working on a MediaWiki extension to integrate the two applications’ user databases, which solves my problem perfectly. Once WP 1.6 is released I’ll be able to support OpenID as well, which will be nice.