Scenario: A
user logs onto a site (for example, StackOverflow) using OpenID. After a year, they will return to the site, but their OpenID provider has gone out of business and will not allow them to enter the system.
What is the best way to get rid of them? And are there any OpenID-enabled sites that you know about that have already implemented a solution for this?
There is a great article on how best to use the best practices , and they have a good suggestion, but I'm still looking for an example of this in action:
Provide Lost Identifier functions to switch to a new identifier without access to one
Provide a mechanism to switch the account to use the new identifier without access to the identifiers (names) associated with the Account. It may have a similar look to the traditional "Forgot your password?" dance email, assuming you have an email address in the file.
Rationale: Users sometimes lose the ability to use their identifiers, for example, when their provider stops offering them services. This functionality allows users to recover from this situation without losing their data.
I have some vague idea of โโhow I can do this with a token that is sent to the user's email address. But then again, if someone else came up with a good solution with the details, I might not have thought yet, then it would be better.