Why do I have to complete so many login forms?


#1

Hi Opendesktop community and admins, first of all, thank you for your hard work!

Since so many things are changing lately regarding the site (UI, ratings etc…) I noticed that also some steps are becoming more cumbersome with respect to what they were before.

This is my routine: I open the KDE Store bookmark (https://store.kde.org/) and then I log in into the site by clicking on the button on the top-right side.
Once I’m logged in, if I want to see the payout I have to complete another login form (https:// www. pling. com/u/username/payout) and so I have to insert once again my username and password.
Finally, in order to participate to a discussion board I have to fill yet another login form.

Why so many login forms are required? I thought that the Kde Store, OpenDesktop etc were sites tightly linked to Pling.com, so if I login to one of the sites I should be recognized as a user of all the other sites, am I wrong?

Thank you for your attention, have a nice day!


#2

Hi mrcuve0,

you are right, that the goal is to make it a 1-click login for everything.
We are currently working towards that, but ultimately it is a “security feature” from most browsers who for good reasons do not allow to make it easy to re-use one authentication for multiple purposes. Since all the subsystems are based on opensource stacks, we need to combine them, so for example store.kde.org is managed by KDE, and the have a cloudflare like thing in between. Discourse for forums software has OAUTH like Riot for CHAT, but both could be to doublecheck before granting you access (like when you need to re-athenticate in github from time to time).

This could also be an advantage if you have more than one account thoguh, so you could be logged in pling with user A while at the same time use the chat with user B.

The new changes we plan for the backend will allow a tighter integration though and result in a much revised “opendesktop ID” + userpage.
It just needs time to do these things (like it took also Google quite some time to implement that across their sites like maps, youtube, etc.).

So we are on it, stay tuned and sorry for the little inconvience in the meantime (according to the browser developers, it’s for your own good).


#3

Thank you for your reply! It’s good to have a nice feedback from you, as well as your intentions for the future. I really like when “all the future plans” are clear and can be discussed, this is what a community should be.

This is no big problem actually, it’s just a matter of reinserting two strings, I think we can all live with that on the meantime : there are far more serious problems these days! :grin:
Take your time and keep up the good work!

Greetings!


#4

What is the need for so many different URLs? Can’t the site just detect the hostname/server uri the user is on and offer that irregardless of when they decide to login?

I always enter through opendesktop.org yet I am tasked to sign in to pling - when I do that it seems I also have to sign back in to opendesktop.org

I am trying to update an application and I can’t seem to find my ‘products,’ either.
Edit: I found the products area, but this current setup is very non-intuitive and seems inspired by Zendesk…


#5

Yes, that is true.
If you have any tip on how to solve the issue that modern webbrowsers do not easily allow crosslogins anymore due to security reasons, that would help.
Due to that reason we are currently reorganizing all sites, removing more and more URLs to /s/Subsections that use pling.com.
Then there will be the Personal Section on opendesktop.org and all store related things on pling.com.
Sorry for the inconvenience meanwhile.


#6

The logic should be server-side and detect the hostname of the site the user is on. If I enter on opendesktop.org, I shouldn’t be prompt to login to ping, too.

Failing that, there should be API’s exchanged between pling, opendesktop and whatever URLs are used that allow for SSO/single sign on.

Bouncing people around to different domain names is what breaks the session. There is really no reason for crosslogins nowadays.