When I play ping-pong with the Google OpenID provider, I can't get a friendly name/nickname/username (whatever you want to call it).
I get something atrocious looking like the following:
www.google.com/accounts/o8/id?id=AItOawmtAnQvSXGhRTkAHZWyxi4L4EKa7xoTT1dk
instead of something nice like
JohnDoe
What's the protocol for getting the user's name from Google in a nice friendly manner like say, myopenid does?
**I'm using DotNetOpenAuth*
Best Answer
You can't. The identifier that the OP issues is strictly up to the OP. The RP doesn't really have any say in it. Now, some OPs support offering attributes with the login, such as nickname, email address, etc. Google has very limited support for these, offering only email address.
Google chose to not issue user-recognizable identifiers because it's an information disclosure risk. Yahoo went both routes by offering users both a human-friendly and non-human-friendly identifiers that the user can choose between. MyOpenID and other OPs generally go with just a user-friendly identifier that the user picks when they sign up at the OP.
You may want to special case Google at your RP to pick a more friendly string to display to the user when they're logged in, or since Google isn't the only one that does this, write code to figure out when the identifier is unreadable and display something more friendly to the user so they know they're logged in (perhaps their email address or a nickname they pick on your site).
Caution: if you choose to display a more friendly identifier than the one Google issues, you must still use the official Claimed Identifier from Google for the official username of the user that you pass to
FormsAuthentication.RedirectFromLoginand for username lookup in your database. Anything else you put together usually introduces security risks.