So much for “the venerable OpenID”


Remember just three weeks ago I was ranting about how MDN assumes you use GitHub and forces you to use it to log in without providing any alternatives? Remember I mentioned “the venerable OpenID”?

Turns out it wasn’t so venerable after all. OpenID 2.0 was superseded by OpenID Connect (which is based on OAuth 2.0, a different kind of “auth”) some years ago, and providers have slowly been removing support for OpenID 2.0 over the last couple of years. Yesterday Stack Exchange was the latest to announce that they were dropping OpenID 2.0 support:

Stack Overflow was an early and strong supporter of OpenID. We built our sign up/log in flow around it. We were idealistic and had high hopes, but these hopes weren’t realized. Over the years people have wondered if OpenID is dead. We’ve had to remove support as OpenID providers pulled support or shut down.

The time has come to part ways. The reality is OpenID support has created a ton of complexity in our codebase and the number of users actively using OpenID simply don’t justify that cost. Users have spoken with their actions. You prefer Google, Facebook and Stack Exchange (aka email/PW) based account auth.

To be fair, even I don’t use OpenID to authenticate with Stack Exchange anymore. But that’s because several years ago, I switched from using my OpenID to authenticate with Stack Exchange, to using Stack Exchange as my primary OpenID provider. So, in a weird twist of irony, I’m impacted not in my access to Stack Exchange, but in my access to other sites via Stack Exchange OpenID.

Note that my change of provider had nothing to do with OpenID 2.0’s already ongoing demise; it was just a matter of moving to a provider I felt was more appropriate for my needs, since I’d stopped actively blogging @ I would continue using Stack Exchange OpenID for as long as OpenID 2.0 remained around, because Stack Exchange stated they’d continue supporting it for as long as they remained in existence as a company.

Of course, things are different now. With the OpenID 2.0 protocol being made obsolete by the OpenID Foundation itself, there really is no obligation for Stack Exchange to continue supporting their OpenID service. So I’m not going to accord them any blame. It’s entirely my fault for somehow completely missing the memo on this whole thing. Perhaps Stack Exchange’s decision to drop OpenID was the wake-up call I needed after all.

Good thing I’ll have the next quarter to work on migrating my accounts on sites where I’m using Stack Exchange OpenID to authenticate. I know that I can just switch back to OpenID, but let’s face it, it’s only a matter of time before Automattic follows suit.

Before I go, let me be clear on my views of all this:

Add a comment

Things to keep in mind: