TO-DO LIST Status: 3.43 20131103 Bugs and suggestions should not be listed here but should be filed in the bugzilla bugtracker http://preview.tinyurl.com/openid-bugs ? more details are needed to understand the "to do" * resolved, or partially resolved, wontfix - open + fixed ? Dynamic HTML swap in of OpenID login form on Special:Userlogin ? OpenID extension to share MW settings ? Optionally redirect User: page to OpenID URL ? AJAX login, rather than klutzy JS form ? Provider-driven identifier selection (eh? do we care?) ? Auto-login if you've logged in before with an OpenID, and are logged into that account now - Configure some stuff through Special:Preferences or a dedicated control panel - Auto-login if you've logged in before with an OpenID, and are logged into that account now - $byEmail parameter of AddNewAccount hook: should this be false, or true ? - i18n of OpenIDDashboard.body.php - redesign MediaWiki extension and php-openid library paths to avoid $path=array( dirname( __FILE__ ) ); set_include_path(implode(PATH_SEPARATOR,$path).PATH_SEPARATOR.get_include_path()); in OpenID.setup.php. I don't know, if it can be avoided. - keep user from mailing new password in OpenID account except case S/OO - keep user from setting password in OpenID account except case S/OO - OpenID-only enabled account owners cannot set their password when the account lacks an e-mail address - which cannot be set up because they don't have a password (race condition) https://bugzilla.wikimedia.org/show_bug.cgi?id=34357 This is a regression from implementation of Changing your email address should require entering your password https://bugzilla.wikimedia.org/show_bug.cgi?id=20185 - participate in account-creation throttle - audit to prevent circumventing blocks/bans - share timezone when/if available - Manage allow-to-trust settings in User preferences - optimize trust storage - If user logs in with OpenID, add a cookie, and auto-login next time with check_immediate - configurable regexps for finding a user ID from an OpenID. - deal with difference between canonical ID and "display ID" with XRIs - support RP discovery * warn if a user account has been used as a login before attaching an OpenID (I think, this is solved; marked with * instead of +) * Configure some stuff through Special:Preferences or a dedicated control panel (under construction, see Special:OpenIDDashboard)