OpenID-ALL

check_authentication issue with ruby-openid

Sun, 24 Jan 2010 10:06:46 -0800

Hey all,
I still get this error and which is so random that I am unable to figure out. After successfully getting user to sign up and choose the openid identifier, upon redirection to my site, I get this error. Although I get this error most of the times, there are times it does work.

Verification failed: Server https://open.login.yahooapis.com/openid/op/auth responds that the 'check_authentication' call is not valid

I send the discovery request to
http://www.yahoo.com
I also try http://www.yahoo.com/

It just seems to work now and then but not consistently.. What does this error mean? I am using ruby-openid with rails. I couldn't locate any such known issue?

Here is the response I get which results in a failure from my openid library(ruby-openid)

/openid/complete?did_sreg=y
openid_identifier=http%3A%2F%2Fwww.yahoo.com
openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
openid.mode=id_res
openid.return_to=http%3A%2F%2F******%2Fopenid%2Fcomplete%3Fdid_sreg%3Dy%26openid_identifier%3Dhttp%253A%252F%252Fwww.yahoo.com
openid.claimed_id=https%3A%2F%2Fme.yahoo.com%2Fvivek200120%2309a1b
openid.identity=https%3A%2F%2Fme.yahoo.com%2Fvivek200120
openid.assoc_handle=ROz8w.0c2PKLaJgKo3FmFwrZGCBIfaoMuVywzTOJKceszP4EfujBk7LFSTHK
pZJekE6Ll9QQySwrjaXCLjsVfbZhSQ7h0hCKxNCFuFddjGxotQNY_NrGnWNYm6vnKG4Scw--
openid.realm=http%3A%2F%2Fcoupl.in%2Fopenid
openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
openid.ax.mode=fetch_response
openid.ax.value.email=vivek200120%40yahoo.com
openid.response_nonce=2010-01-23T11%3A28%3A31ZHuMOdOEe9FguaEVn5f36_qd52LT0KBuaMQ--
openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Cax.value.email%2Cax.type.email%2Cns.ax%2Cax.mode%2Cpape.auth_level.nist
openid.op_endpoint=https%3A%2F%2Fopen.login.yahooapis.com%2Fopenid%2Fop%2Fauth
openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail
openid.pape.auth_level.nist=0
openid.sig=*************

OpenID attribute exchange

Thu, 21 Jan 2010 03:54:16 -0800

Hi,

I have been trying to fetch user's nickname and email with the attribute exchange extension of openid.

The Auth_OpenID_AX_FetchResponse() class fromSuccessResponse is able to fetch the details of a gmail user, but these details are not accessed when I am trying to log in using my yahoo login credentials.

The object for attribute exchange comes blank after successfull verification.

Please someone help me.

Using BBAuth, hoe to get the email address

Mon, 28 Dec 2009 03:05:11 -0800

Hi,
I am facing a few problems while working with BBAuth ( http://developer.yahoo.com/auth/ ).
First of all I want to say it is really a wonderful document.

While returning from Yahoo login page it come to my website's endpoint link,
where I am getting the following output:

Test BBauth
BBauth authentication Successful
The user hash is: ped.......oG...........YYY44- (this id is altered by me)
appdata value is: some_application_data

My requirement is that is there any way to get the user's email address at this endpoint,
because i need to save the email address in the database and also I need to send mail
to the respective yahoo mail id.

With regards,
Indranil Basu.

yahoo openid needs user authorization every time?

Thu, 17 Dec 2009 22:23:51 -0800

Hi,

I have Google and Yahoo openid both working. The difference is that Google does not prompt user for repeat authentications and redirects to return page right away; whereas Yahoo asks user to Accept every time.

Is it a bug or a feature on Yahoo's openid implementation?
Thanks,

login in yahoo with open id help me

Tue, 15 Dec 2009 02:02:55 -0800

i looked link below https://login.yahoo.com/config/login?.intl=...-%26.scrumb%3D0
then a user login successed url will be direct to link http://security.enbac.com and i want do it in my website http://virutnhoc.com
how to make it
help me please
thanks !

login in yahoo with open id help me

Tue, 15 Dec 2009 02:02:55 -0800

no body and no answer

Yahoo now supports Attribute Exchange

Fri, 04 Dec 2009 14:51:52 -0800

Hi All,

We're very happy to announce that we've *finally* enabled Attribute Exchange for all sites. Name, email address, profile pic, gender, timezone, and language preference are now available via Attribute Exchange.

More details are here:
http://bit.ly/yopenidax

Cheers!
Allen

yahoo open id in rails

Wed, 25 Nov 2009 02:25:29 -0800

i want to bind yahoo open id auth....in my app is tere any plugin for me.......else how do i get user email and name from yahoo after sign in ......

Yahoo! please fix your OpenID auth!

Sun, 22 Nov 2009 06:21:16 -0800

Ok this is getting ridiculous!! Here I am trying to test out OpenID auth with Yahoo! and everytime I make a few changes in the code I get this!!!

"This page has expired, go back to the original page and please try again"

I'm a developer and I'm trying to develop OpenID plugins for people to use so I am testing lots of sites and libraries (primarily PHP) and constantly getting this from Yahoo! is getting ...as I said ... ridiculous!

I seems to happen when I change the realm. I am working with various subdomains on a virtual hosting platform so I usually start out with the realm defaulting to the "return_to" but then after some initial testing I change the realm to use a wildcard like "*.example.com" and as soon as I do I get the dreaded error message above. Come on now Yahoo! I don't have to deal with this crap from Google. In my opinion it's a pointless "security" (if that's what it is) mechanism.

Yahoo! please fix your OpenID auth!

Sun, 22 Nov 2009 06:21:16 -0800

Something has changed. The few sites I was having trouble with now work. I'm wondering if Yahoo! imposes a limit on auth requests??? I'd hope not.

Yahoo! please fix your OpenID auth!

Sun, 22 Nov 2009 06:21:16 -0800

Because YH upgrade to OpenID v2.0. You can reference this url http://blog.facilelogin.com/2008/07/let-re...id-relying.html to fix.

Yahoo! please fix your OpenID auth!

Sun, 22 Nov 2009 06:21:16 -0800

The problem is not with discovery but how Yahoo! handles realms. Supposedly they support wildcard realms but when I try to use one I get that warning on their login page.

"Warning: This website does not meet Yahoo!'s requirements for website address. Do not share any personal information with this website unless you are certain that it is legitimate."

Take a look at the realms section in the specs:
http://openid.net/specs/openid-authenticat...2_0.html#realms

If return_to is http://www.example.com/login
then a realm of http://*.example.com is a match and should not produce an error

Yahoo! please fix your OpenID auth!

Sun, 22 Nov 2009 06:21:16 -0800

Hi Chey - sounds like this may have been a caching problem - the Yahoo OpenID screens have a 10 minute timeout, based on your description, it sounds like your browser may have been reloading or replaying an expired auth url.

In the future, please post a link to a reproducable test case, and we can try to debug the issue.

Thanks
Allen

QUOTE (chey.smith @ Nov 22 2009, 06:21 AM) <{POST_SNAPBACK}>

Ok this is getting ridiculous!! Here I am trying to test out OpenID auth with Yahoo! and everytime I make a few changes in the code I get this!!!

"This page has expired, go back to the original page and please try again"

OpenID problem (error rather than warning)

Sat, 21 Nov 2009 17:56:56 -0800

I've set up a test website that acts as an RP:
https://jck.golgotha.org.uk/WebRPApplication1/

When I tried to log in with my Yahoo! account, I got the familiar warning, so I've read through various documents. I've created an XRDS file:
https://jck.golgotha.org.uk/WebRPApplication1/xrds.xrd
and I've verified that this has the right content type ("application/xrds+xml"). I'm advertising it through a custom HTTP header ("X-XRDS-Location") on Default.aspx.

When I try to login, I get three relevant entries showing up in my firewall log (from a Yahoo! server):
1. Accessing the main folder.
2. Retrieving the xrds.xrd file.
3. "A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake."

However, in my web browser I then get an error message:
"An error occurred and you will not be able to use your Yahoo! OpenID for this site."
This is worse than the old warning, because there's no way for me to continue. However, I don't know what's causing this error. Is there any way to get more detailed diagnostics?

I've put a longer description on my blog, with screenshots:
http://johnckirk.livejournal.com/289938.html

Anyway, if anyone can see what I'm doing wrong, I'd be very grateful for your assistance.

Warning problem

Sun, 15 Nov 2009 05:41:10 -0800

I have setup openid for my domain just now, and i think i've setup it properly according to documents,

But still Famous Warning !!!

I checked my header, sending a proper content type as application/xrds+xml for yadis file

Please help as i am getting frustrated from past 2 days.....

i've setup it at domain http://login.sachan.co.in

return_to parameter is http://login.sachan.co.in/login.php?action=verify in XRDS Document

Please Help

Warning problem

Sun, 15 Nov 2009 05:41:10 -0800

QUOTE (Divyesh @ Nov 15 2009, 05:41 AM) <{POST_SNAPBACK}>

I have setup openid for my domain just now, and i think i've setup it properly according to documents,

But still Famous Warning !!!

I checked my header, sending a proper content type as application/xrds+xml for yadis file

Please help as i am getting frustrated from past 2 days.....

i've setup it at domain http://login.sachan.co.in

return_to parameter is http://login.sachan.co.in/login.php?action=verify in XRDS Document

Please Help

Divyesh,

I get a 404 when looking for http://login.sachan.co.in/xrds.xml. It should be sent with http status code 200 and content-type 'application/xrds+xml'.

Warning problem

Sun, 15 Nov 2009 05:41:10 -0800

QUOTE (Dustin Whittle @ Nov 16 2009, 02:04 PM) <{POST_SNAPBACK}>

Divyesh,

I get a 404 when looking for http://login.sachan.co.in/xrds.xml. It should be sent with http status code 200 and content-type 'application/xrds+xml'.

My path to xrdf document is http://login.sachan.co.in/yadis.xrdf not as above ....

Anyway... Now my Warning is gone..... Thanks a lot for your help...

X-XRDS-Location on yahoo.com is gone

Thu, 12 Nov 2009 00:27:04 -0800

> HEAD yahoo.com
200 OK
Cache-Control: private
Connection: close
Date: Thu, 12 Nov 2009 08:24:56 GMT
Content-Type: text/html; charset=utf-8
Client-Date: Thu, 12 Nov 2009 08:24:56 GMT
Client-Peer: 203.84.202.164:80
Client-Response-Num: 1
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

>

It should be a X-XRDS-Location: http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds and it is gone.

X-XRDS-Location on yahoo.com is gone

Thu, 12 Nov 2009 00:27:04 -0800

anyone?

X-XRDS-Location on yahoo.com is gone

Thu, 12 Nov 2009 00:27:04 -0800

Please use https://me.yahoo.com for discovery.

Yahoo! authentication

Tue, 03 Nov 2009 04:30:53 -0800

Hi,
Is there a way where i can simply provide a username and password of Yahoo user and verify the credentials? I do not want to use BBAuth which requires application registration? Can you forward me some sample java code for same?

Thanks,
-Sachin

Yahoo! authentication

Tue, 03 Nov 2009 04:30:53 -0800

QUOTE (Sachin L @ Nov 3 2009, 04:30 AM) <{POST_SNAPBACK}>

Hi,
Is there a way where i can simply provide a username and password of Yahoo user and verify the credentials? I do not want to use BBAuth which requires application registration? Can you forward me some sample java code for same?

Thanks,
-Sachin

You can use OpenID with Attribute Exchange to verify the user's yahoo email address. Please don't ask the user for their password.

Thanks
Allen

Desarrollar en Español

Mon, 02 Nov 2009 18:10:27 -0800

Estoy muy interesado en aprender de todos los que me puedan ayudar a desarrollar mi sitio. Me considero bueno, pero el idioma es una gran dificultad.

OpenId and Oauth

Fri, 23 Oct 2009 04:04:21 -0700

hi,

I`m try implementing Google,Yahoo OpenId and Oauth into my site.
while google is working fine. yahoo show following Warning message in Agree Page.

https://open.login.yahoo.com/openid/op/star...2jFRKTvFi5.w2r7

Warning: This website does not meet Yahoo!'s requirements for a website address. Do not share any personal information with this website unless you are certain that it is legitimate.

i just included XRDS

http://mysite.com/xrds.xml

xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">

http://specs.openid.net/auth/2.0/return_to
http://mysite.com/openid/login.php

i have include meta xrds in file also
http://mysite.com/index.html and http://mysite.com/index.php

Can you Please help me solve this issue.

with regards,
mohan vinayagam

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

I have spent the last 3-4 hours now trying to get rid of that warning that Yahoo is presenting to the user. I think i have done everything right but i still get the message. I have tried so many stuff now that i don't really know what i tried and not tried.

I would be so greatfull if anyone want to take a look at http://alternativeto.net/login.aspx and try to login via yahoo and help me out.

Thanks!

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

QUOTE (Ola @ Oct 16 2009, 04:59 AM) <{POST_SNAPBACK}>

I have spent the last 3-4 hours now trying to get rid of that warning that Yahoo is presenting to the user. I think i have done everything right but i still get the message. I have tried so many stuff now that i don't really know what i tried and not tried.

I would be so greatfull if anyone want to take a look at http://alternativeto.net/login.aspx and try to login via yahoo and help me out.

Thanks!

Ola,

The problem is you likely do not have a valid XRDS document advertised from your Realm URL. Add that (properly filled out) and Yahoo will stop complaining about your site's identity. it's all just a static XRDS doc.

Here is a sample XRDS doc. Just change the URI tag contents to point at the URL of your login page.

CODE

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
    <XRD>
        <Service priority="1">
            <Type>http://specs.openid.net/auth/2.0/return_to</Type>
            <URI>http://yourdomain.com/login.aspx</URI>
        </Service>
    </XRD>
</xrds:XRDS>

Store this XRDS doc on your site somewhere, and point to it from your realm URL (home page, probably) using a meta tag:

CODE

<meta http-equiv="X-XRDS-Location" content="<your XRDS URL HERE>" />

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

I already have a xrds document located here: http://alternativeto.net/xrds.aspx

I think it should have the correct content-type and so on. I also have a meta tag both on the login.aspx page and the default document page (index.aspx).

I also set a header Response.AddHeader("X-XRDS-Location", "http://alternativeto.net/xrds.aspx");

But i still get the warning. It mest be something strange somewhere. Can i debug this in some way via firebug or something and see what Yahoo is looking for or something?

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

QUOTE (Ola @ Oct 19 2009, 06:06 AM) <{POST_SNAPBACK}>

I already have a xrds document located here: http://alternativeto.net/xrds.aspx

I think it should have the correct content-type and so on. I also have a meta tag both on the login.aspx page and the default document page (index.aspx).

I also set a header Response.AddHeader("X-XRDS-Location", "http://alternativeto.net/xrds.aspx");

But i still get the warning. It mest be something strange somewhere. Can i debug this in some way via firebug or something and see what Yahoo is looking for or something?

Hi Ola,

The problem is the X-XRDS-Location is set as 'http://dev.ohso.se/xrds.xml' which is inaccessible from the yahoo login servers. I checked with the following command 'curl -v http://alternativeto.net'

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

QUOTE (Dustin Whittle @ Oct 19 2009, 07:03 PM) <{POST_SNAPBACK}>

Hi Ola,

The problem is the X-XRDS-Location is set as 'http://dev.ohso.se/xrds.xml' which is inaccessible from the yahoo login servers. I checked with the following command 'curl -v http://alternativeto.net'

Gah, i uploaded some local debug code. Everything should be pointing the correct way now but it still don't work.

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

QUOTE (Ola @ Oct 20 2009, 10:54 AM) <{POST_SNAPBACK}>

Gah, i uploaded some local debug code. Everything should be pointing the correct way now but it still don't work.

The issue is the status code of the url (it must be http status code 200), currently the request is a redirect.

curl -v http://www.alternativeto.net
* About to connect() to www.alternativeto.net port 80 (#0)
* Trying 72.32.147.162... connected
* Connected to www.alternativeto.net (72.32.147.162) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.6 (i386-apple-darwin10.0.0) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3
> Host: www.alternativeto.net
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Set-Cookie: X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8; path=/
< Content-Length: 148
< Date: Tue, 20 Oct 2009 22:28:58 GMT
< Location: http://alternativeto.net/
< Server: Microsoft-IIS/7.0
< X-Powered-By: ASP.NET
< Content-Type: text/html; charset=UTF-8
<
Document Moved
* Connection #0 to host www.alternativeto.net left intact
* Closing connection #0

Object Moved

This document may be found here

If you want to use www.alternativeto.net instead of alternativeto.net, you should specify www.alternativeto.net in the xrds document.

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

QUOTE (Dustin Whittle @ Oct 20 2009, 02:30 PM) <{POST_SNAPBACK}>

The issue is the status code of the url (it must be http status code 200), currently the request is a redirect.

curl -v http://www.alternativeto.net
* About to connect() to www.alternativeto.net port 80 (#0)
* Trying 72.32.147.162... connected
* Connected to www.alternativeto.net (72.32.147.162) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.6 (i386-apple-darwin10.0.0) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3
> Host: www.alternativeto.net
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Set-Cookie: X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8; path=/
< Content-Length: 148
< Date: Tue, 20 Oct 2009 22:28:58 GMT
< Location: http://alternativeto.net/
< Server: Microsoft-IIS/7.0
< X-Powered-By: ASP.NET
< Content-Type: text/html; charset=UTF-8
<
Document Moved
* Connection #0 to host www.alternativeto.net left intact
* Closing connection #0
Object Moved
This document may be found here

If you want to use www.alternativeto.net instead of alternativeto.net, you should specify www.alternativeto.net in the xrds document.

But is Yahoo automatically looking at www.alternativeto.net cause i use http://alternativeto.net everywhere so i supposed it would be looking at http://alternativeto.net/xrds.xml? I don't really see where the www is coming from. I i do a curl -I http://alternativeto.net i do not get a redirect.

HTTP/1.1 200 OK
Set-Cookie: ASP.NET_SessionId=h3v5tx5541ui3nqwgyk0ur2s; path=/; HttpOnly
Set-Cookie: pageProfileshortname=all; path=/
Set-Cookie: currentCategory=desktop; path=/
Set-Cookie: X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B; path=/
Cache-Control: private
Content-Length: 78749
Date: Wed, 21 Oct 2009 16:57:47 GMT
X-AspNet-Version: 2.0.50727
X-XRDS-Location: http://alternativeto.net/xrds.xml
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8

Thanks for all your help!

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

Anyone? I really do not get this :/

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

For what I can see, the problem is that you don't send the right content type along with the xrds file. It's sent as "text/xml" but should be "application/xrds+xml".

Make sure you add this header:

Content-Type: application/xrds+xml

and all should be good.

--
Visit http://www.ilikealot.com and share YOUR passion

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

Hi Ola -

I took a look at your site, and I can't figure out why you're seeing the warning, since you are correctly publishing the X-XRDS-Location HTTP header under your realm. We'll take a look at at our sever logs and try to debug the problem on our side.

Thanks for your patience, I'll have a response for you tomorrow.

Thanks
Allen

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

QUOTE (Wouter @ Oct 27 2009, 10:57 AM) <{POST_SNAPBACK}>

For what I can see, the problem is that you don't send the right content type along with the xrds file. It's sent as "text/xml" but should be "application/xrds+xml".

Make sure you add this header:

Content-Type: application/xrds+xml

and all should be good.

--
Visit http://www.ilikealot.com and share YOUR passion

I tried before when i had the code in a .aspx file and then i had Content-Type: application/xrds+xml .. i can switch back to that but i think i still get the warning.

QUOTE (atom @ Oct 27 2009, 09:44 PM) <{POST_SNAPBACK}>

Hi Ola -

I took a look at your site, and I can't figure out why you're seeing the warning, since you are correctly publishing the X-XRDS-Location HTTP header under your realm. We'll take a look at at our sever logs and try to debug the problem on our side.

Thanks for your patience, I'll have a response for you tomorrow.

Thanks
Allen

Thanks! It would be great if you can have a look at it and hopefully fix a problem both for me and for you guys! I will switch back to the .aspx file with "Content-Type: application/xrds+xml" tonight!

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

Hi Ola,

We investigated further, and have found the root cause. Unfortunately, we won't be able to fix it on our side until early December.

When the Yahoo OP verifies your return_to endpoint, we make an HTTP request to the URL of the realm in your authentication request to find the XRDS document. In your case, we make an HTTP request to http://alternativeto.net/

In order to help protect the Yahoo OP from getting stuck when making outbound requests, we impose a size limit on the amount that we'll download before we abort the request. The sizelimit is currently 50KB, which is admittedly way too small, and we'll be bumping it up to at at at least 256KB in December. The size for http://alternativeto.net/ is approximately 70KB, which exceeds our sizelimit. The sizelimit is only on the actual HTML that's downloaded when the Yahoo OP fetches your realm, it does not include any javascript/images/css/flash that's downloaded as separate objects. Most sites that use OpenID generally have very lightweight realms, so this is usually not a problem, although a few others have ran into this.

I do agree that there's room for improvement on the Yahoo OP, and we'll fix this the next time the Yahoo OP has its regularly scheduled maintenance in December.

In the meantime here's what you can do:

1) Try to shrink htttp://alternativeto.net, by breaking out some of the JS/CSS into separate files
2) Change your realm to http://alternativeto.net/login.aspx and add the following to the section of the doc - as you did on your home page:

Hope that helps, thanks forusing OpenID, and thank you for your patience in debugging this.

Allen

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

QUOTE (atom @ Oct 28 2009, 10:03 AM) <{POST_SNAPBACK}>

Hi Ola,

We investigated further, and have found the root cause. Unfortunately, we won't be able to fix it on our side until early December.

When the Yahoo OP verifies your return_to endpoint, we make an HTTP request to the URL of the realm in your authentication request to find the XRDS document. In your case, we make an HTTP request to http://alternativeto.net/

In order to help protect the Yahoo OP from getting stuck when making outbound requests, we impose a size limit on the amount that we'll download before we abort the request. The sizelimit is currently 50KB, which is admittedly way too small, and we'll be bumping it up to at at at least 256KB in December. The size for http://alternativeto.net/ is approximately 70KB, which exceeds our sizelimit. The sizelimit is only on the actual HTML that's downloaded when the Yahoo OP fetches your realm, it does not include any javascript/images/css/flash that's downloaded as separate objects. Most sites that use OpenID generally have very lightweight realms, so this is usually not a problem, although a few others have ran into this.

I do agree that there's room for improvement on the Yahoo OP, and we'll fix this the next time the Yahoo OP has its regularly scheduled maintenance in December.

In the meantime here's what you can do:

1) Try to shrink htttp://alternativeto.net, by breaking out some of the JS/CSS into separate files
2) Change your realm to http://alternativeto.net/login.aspx and add the following to the section of the doc - as you did on your home page:

Hope that helps, thanks forusing OpenID, and thank you for your patience in debugging this.

Allen

Cool! Thanks for the tips. It ofcourse always good to try to optimize the HTML. I will have a look at it and see what i can do!

Another "Get rid of the Warning" problem

Fri, 16 Oct 2009 05:59:24 -0700

Yey!

The warning is gone now! But i still need to optimize my site so it doesn't get that big. Just had a look at digg.com = 21kb, stackoverflow.com = 18kb, yahoo.com = 34kb .. optimization ftw!

I can blame asp.net for some of it. You can't change the name of controls and that makes every name of every control take up lots of bits. In the new version you will have greater control over the names. Or i switch to asp.net MVC ..

Thanks!

OpenID Licensing

Mon, 28 Sep 2009 02:22:48 -0700

I was wondering if anyone can direct me to the right person within Yahoo so that i may possibly discuss Licensing OpenID to them. I am a small time inventor who filed an application with the USPTO in 2004 that covers OpenID and am hopefull to get an issuance before year end. Any contacts would be great.

Thanks DL

Warning: www.showzey.com has not forwarded their Privacy Policy

Sat, 26 Sep 2009 11:50:04 -0700

Hi,
We are implementing OpenID protocol for our site http://www.showzey.com. Everything seems to work, except that users are getting the following warning:
"Warning: www.showzey.com has not forwarded their Privacy Policy"

What should we do to eliminate this warning? Should we add something to our XRDS document? Or we need to register our site with Yahoo! and provide our privacy policy?

Thanks,
Senad

Warning: www.showzey.com has not forwarded their Privacy Policy

Sat, 26 Sep 2009 11:50:04 -0700

I would love it if Yahoo would put that above my OpenId request - as that would mean I'd be receiving an email address along with the login.

Could you tell me which parameters you send to Yahoo in order to get this information?

I use Yahoo! OpenId to let ppl login on http://www.ilikealot.com/ - and I'm only getting the OpenId Identifier back in the after-authorization response..

As for how to remove the message / forward privacy information to Yahoo - I don't know.

Warning: www.showzey.com has not forwarded their Privacy Policy

Sat, 26 Sep 2009 11:50:04 -0700

QUOTE (Dizdar S @ Sep 26 2009, 10:50 AM) <{POST_SNAPBACK}>

Hi,
We are implementing OpenID protocol for our site http://www.showzey.com. Everything seems to work, except that users are getting the following warning:
"Warning: www.showzey.com has not forwarded their Privacy Policy"

What should we do to eliminate this warning? Should we add something to our XRDS document? Or we need to register our site with Yahoo! and provide our privacy policy?

Thanks,
Senad

I am getting the same message for my domain. How do you forward your Privacy Policy?

Warning: www.showzey.com has not forwarded their Privacy Policy

Sat, 26 Sep 2009 11:50:04 -0700

Sites using Attribute Exchange or Simple Registration (to get the user's email address, etc) must include the site's privacy policy url in the openid.sreg.policy_url request parameter, as documented in Section 3 of the Simple Registration spec:

http://openid.net/specs/openid-simple-regi...ion-1_1-01.html

Unfortunately, the authors of the Attribute Exchange spec forgot to include the Privacy Policy request parameter in the Attribute Exchange 1.0 spec, so you'll still need to use SREG to pass us the privacy policy, even if you're using AX. The next version of the AX spec will include a way for sites to include their privacy policy.

The privacy policy URL must be contained within the openid.realm of the request, and must also return HTTP 200. (The Yahoo OP will fetch the privacy policy to make sure that it's a valid page)

Warning: www.showzey.com has not forwarded their Privacy Policy

Sat, 26 Sep 2009 11:50:04 -0700

Ok, I've added the openid.sreg.policy_url to my auth request, looked at showzey.com's request and mimicked everything I saw in there to see if that would magically unlock the profile information to me. But no, it doesn't.

It seems that showzey.com could get rid of that message if only he'd add the openid.sreg.policy_url parameter, but how do get users to send me their email address when they login through Yahoo?

Any suggestions are appreciated, and rewarded with beer (if you live in the Aalborg, Denmark area).

Trouble Getting Yadis document through Curl/PHP

Thu, 17 Sep 2009 21:31:50 -0700

I'm trying to implement openid on a website I am building using the PHP library here. Unfortunately though it doesn't seem to support Yadis.

I have no trouble getting Google's file, but I can't seem to access Yahoo's. According to your documentation here, http://yahoo.com is the location of the document, but in order to access it, I need to send a HTTP Header requesting a application/xrds+xml document.

I am trying to use cURL in PHP to obtain access to it, and this is the code I have so far:

CODE

<?php
// create a new cURL resource
$ch = curl_init();

// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://yahoo.com/");
$headers = array("Accept: application/xrds+xml");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

// grab URL and pass it to the browser
curl_exec($ch);

// close cURL resource, and free up system resources
curl_close($ch);
?>

However when I run that page, I only get this response:

QUOTE

The document has moved here.

If anyone can offer me help, I could greatly appreciate it

Trouble Getting Yadis document through Curl/PHP

Thu, 17 Sep 2009 21:31:50 -0700

If you get http return code 301, 302, 303, 307...
You'll have to make another request to the redirected url, until you get return code 200 or 206

but this is too fundamental, I believe there must be some 'discovery' function for you to use.

Trouble Getting Yadis document through Curl/PHP

Thu, 17 Sep 2009 21:31:50 -0700

Hi garionw,

As said in Rick's email, you need to follow redirects until it returns
content with HTTP code 200. Since this is all too low-level, you may consider
using the OpenID PHP library http://openidenabled.com/ to do the
heavy lifting for you.

Thanks,
Yu Wang
Yahoo! Membership team

Can Wretch include OpenID?

Sat, 12 Sep 2009 06:17:59 -0700

We all know that Yahoo has an OpenID site, and we can login with us Yahoo ID to use our OpenID.
It's a good idea, so can Wretch support the OpenID in the future, and we can use our OpenID with Wretch blog's address.

P.S.: Sorry that my English is not that good, can I use Chinese here?

Can Wretch include OpenID?

Sat, 12 Sep 2009 06:17:59 -0700

Hi David,

I recommend that you contact the Wretch team to request sign-in through OpenID support.

Regards,
Sabari Devadoss
Yahoo! Membership

QUOTE (David @ Sep 12 2009, 05:17 AM) <{POST_SNAPBACK}>

We all know that Yahoo has an OpenID site, and we can login with us Yahoo ID to use our OpenID.
It's a good idea, so can Wretch support the OpenID in the future, and we can use our OpenID with Wretch blog's address.

P.S.: Sorry that my English is not that good, can I use Chinese here?

Can Wretch include OpenID?

Sat, 12 Sep 2009 06:17:59 -0700

Thanks a lot, but how can I connect the Wretch team? I can't find the way to connect the Wretch team.

QUOTE (Sabari @ Sep 17 2009, 04:45 PM) <{POST_SNAPBACK}>

Hi David,

I recommend that you contact the Wretch team to request sign-in through OpenID support.

Regards,
Sabari Devadoss
Yahoo! Membership

Can Wretch include OpenID?

Sat, 12 Sep 2009 06:17:59 -0700

On Wretch, click the Help link. Cheers,

Robyn Tippins
Community Manager, YDN

*.domain.com and XRDS

Mon, 17 Aug 2009 08:22:35 -0700

I'd like to use Yahoo OpenID in combination with a wildcard realm, e.g. https://*.domain.com. If I'm not mistaken, this makes Yahoo call https://www.domain.com for the localization of the XRDS file. The problem I have is that the www-server is not setup for secure communication and it was very expensive to install and mainly maintain it. So my question is whether there is any way to tell Yahoo to look at an other place than the realm address for the XRDS.
Thanks,
Marc

Shall I get the OpenID?

Thu, 13 Aug 2009 20:25:45 -0700

Hi,
I have sent a email to get the openid,but it isn't in response,and how long can I get the OpenID,please reply me at liuyffly@yahoo.com.cn as soon as possible.

verification problem

Thu, 06 Aug 2009 20:24:15 -0700

Can anyone tell me why my site is getting a verification warning? http://mightyangler.com

verification problem

Thu, 06 Aug 2009 20:24:15 -0700

QUOTE (Michael @ Aug 6 2009, 07:24 PM) <{POST_SNAPBACK}>

Can anyone tell me why my site is getting a verification warning? http://mightyangler.com

Yes: http://blog.nerdbank.net/2008/06/why-yahoo...penid-site.html

You can follow it up with this as a test OpenID that may help you better diagnose remaining issues: http://test-id.org/RP/DiscoverableReturnTo.aspx

Bear in mind that once you fix it, Yahoo may take up to an hour to notice.

code for enhancing my Yahoo

Mon, 06 Jul 2009 15:47:13 -0700

Yes..amongst the many tech questions in pops a newb just wanting some code to make my Yahoo to interface with My Space and YouTube and maybe have some favorite functional links...All this how to do code is making my wish I had grown-up-in-the-computer-age-generation-so-I-could-DYI my codes.
So after a half hour of search attempt...do any of you smarties know the simple answer where there might be a gallery of code to add to My Yahoo to make it like a My Yahoo to My Space and beyond . My Space editing is so easy and I want to go beyond that and I am choosing My Yahoo because it is where my mail goes...BUT if you have any suggestions...I am right now gonna see what Face book looks like never having seen it...but I have put so much of my lay person time into pics and family contacts and game applications on My Space...

Please simplify this simple thing further for me if you can

code for enhancing my Yahoo

Mon, 06 Jul 2009 15:47:13 -0700

Someone would need to create a My Yahoo! application for MySpace. I know that's not helpful to you, but that's how it would have to happen. Cheers!

Robyn Tippins
Community Manager, YDN

Step to step to develop a web page that have Yahoo OpenId

Sun, 05 Jul 2009 19:35:22 -0700

Hi my friends
I am new in yahoo OpenId. I would like to create some apps to relate with OpenId. Please help me some links or some descriptions. I appreciate your help.

Thanks and regards,

Thang Pham

Step to step to develop a web page that have Yahoo OpenId

Sun, 05 Jul 2009 19:35:22 -0700

QUOTE (Thang Pham @ Jul 5 2009, 06:35 PM) <{POST_SNAPBACK}>

Hi my friends
I am new in yahoo OpenId. I would like to create some apps to relate with OpenId. Please help me some links or some descriptions. I appreciate your help.

Thanks and regards,

Thang Pham

Found for Dot Net ^^
http://code.google.com/p/dotnetopenid/

One more XRDS and Confirm website problem

Fri, 03 Jul 2009 01:41:46 -0700

We have so problems to have a website confirm by Yahoo.
We are using Janrain library.

Website URL : www.modepass.com

CODE

  HTTP/1.1 200 OK
  Date: Fri, 03 Jul 2009 09:53:17 GMT
  Server: Apache/2.2.3 (Linux/SUSE)
  X-Powered-By: PHP/5.2.6
  X-XRDS-Location: http://www.modepass.com/xrds.xrdf
  Vary: Accept-Encoding
  Connection: close
  Content-Type: text/html; charset=utf-8

XRDS : www.modepass.com/xrds.xrdf

CODE

  HTTP/1.1 200 OK
  Date: Fri, 03 Jul 2009 09:54:59 GMT
  Server: Apache/2.2.3 (Linux/SUSE)
  Last-Modified: Thu, 02 Jul 2009 20:14:18 GMT
  ETag: "2ae"
  Accept-Ranges: bytes
  Content-Length: 686
  Vary: Accept-Encoding
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: application/xrds+xml
Length: 686 [application/xrds+xml]

The login page : www.modepass.com/join_form_new.php
and the return page : www.modepass.com/oid_return.php

This working graet with Google, Facebook and some others...
We have follow the Yahoo FAQ (http://developer.yahoo.com/openid/faq.html) and the links provided in some answers but we can't find the solution...
If we can have some help

One more XRDS and Confirm website problem

Fri, 03 Jul 2009 01:41:46 -0700

Hi,

The file returned from http://www.modepass.com/
is beyond our size limit for realm verification. We don't fetch
large files to prevent our servers from spending too much time
on realm verification thus to reduce the risk of denial of
service attack. If you cannot truncate the file or set a different
openid.realm that can return a smaller file, then you may consider
returning the XRDS document directly if the request has the
"Accept: application/xrds+xml,..." header. That signifies
that it is not an ordinary request from end user' browser, but
a request for XRDS document from the OP.

We support this as the third option as described here:
http://en.wikipedia.org/wiki/Yadis#Discove...urce_Descriptor

Thanks,
Yu Wang
Yahoo! Membership team

Regarding yahoo contact list

Mon, 29 Jun 2009 06:51:22 -0700

I want to fetch the contact list from address book of each mail id when they sign In in my website by selecting yahoomail.com to invite their friends.
Is there any API exists behind yahoo for configuration like gmail?
Can any answer me?

Regards,
Dhuraikkannu.M

Regarding yahoo contact list

Mon, 29 Jun 2009 06:51:22 -0700

QUOTE (dhuraikkannu_mur @ Jun 29 2009, 05:51 AM) <{POST_SNAPBACK}>

I want to fetch the contact list from address book of each mail id when they sign In in my website by selecting yahoomail.com to invite their friends.
Is there any API exists behind yahoo for configuration like gmail?
Can any answer me?

Regards,
Dhuraikkannu.M

tnx nlg sayo pare

URL openid.server

Tue, 23 Jun 2009 14:43:16 -0700

Hi,

I am a noob with OpenId.

I try to configurate my personal domain name as my open ID.

So, I have added to my personal website the code :

but it does not work.

I have tried with others URL with no success.

Is it possible to do that with Yahoo OpenId ?
Can someone help me ?

Thanks,
Fran'

URL openid.server

Tue, 23 Jun 2009 14:43:16 -0700

Is it possible ? An answer ?
Thanks,
Fran'

Which URL do I send the discovery request?

Mon, 15 Jun 2009 01:43:11 -0700

Hi ,
I want to be able to have users redirect to the yahoo login site when they click on the yahoo sign in option. I know i need to get use some discovery to find out the endpoint, but which url do I need to send the initial discovery request.
Is it http://open.login.yahoo.com

Which URL do I send the discovery request?

Mon, 15 Jun 2009 01:43:11 -0700

Hi Vivek,

It is https://open.login.yahooapis.com/openid/op/auth and you need
to send the right OpenID parameters so user can return to your
site after login.

Thanks,
Yu Wang
Yahoo! Membership team

Which URL do I send the discovery request?

Mon, 15 Jun 2009 01:43:11 -0700

Hi,

Is this the Discovery URL or the openid endpoint? It looks like that Discovery is not needed for Yahoo Openid implemetation? I sthat correct?

Thanks!
ANSA

QUOTE (omiga @ Jun 22 2009, 11:33 AM) <{POST_SNAPBACK}>

Hi Vivek,

It is https://open.login.yahooapis.com/openid/op/auth and you need
to send the right OpenID parameters so user can return to your
site after login.

Thanks,
Yu Wang
Yahoo! Membership team

Which URL do I send the discovery request?

Mon, 15 Jun 2009 01:43:11 -0700

I don't think discovery phase is compulsory, it just let you know what services they support.

Below is the service from yahoo

Discovery Url: http://www.yahoo.com/
Endpoint Url: https://open.login.yahooapis.com/openid/op/auth
Service Type discovered:
* http://specs.openid.net/auth/2.0/server
* http://specs.openid.net/extensions/pape/1.0
* http://openid.net/sreg/1.0
* http://openid.net/extensions/sreg/1.1
* http://openid.net/srv/ax/1.0
* http://specs.openid.net/extensions/oauth/1.0
* http://specs.openid.net/extensions/ui/1.0/lang-pref
* http://specs.openid.net/extensions/ui/1.0/mode/popup
* http://schemas.xmlsoap.org/ws/2005/05/iden...sonalidentifier
* http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
* http://www.idmanagement.gov/schema/2009/05...rust-level1.pdf
* http://csrc.nist.gov/publications/nistpubs...00-63V1_0_2.pdf

Which URL do I send the discovery request?

Mon, 15 Jun 2009 01:43:11 -0700

Hey all,
I still get this error and this is so random that I am unable to figure out.

Verification failed: Server https://open.login.yahooapis.com/openid/op/auth responds that the 'check_authentication' call is not valid

I send the discovery request to
http://www.yahoo.com
I also try http://www.yahoo.com/
It just seems to work once but not again.. What does that error mean?

Here is the response I get which results in a failure from my openid library(ruby-openid)

/openid/complete?did_sreg=y
openid_identifier=http%3A%2F%2Fwww.yahoo.com
openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
openid.mode=id_res
openid.return_to=http%3A%2F%2F******%2Fopenid%2Fcomplete%3Fdid_sreg%3Dy%26openid_identifier%3Dhttp%253A%252F%252Fwww.yahoo.com
openid.claimed_id=https%3A%2F%2Fme.yahoo.com%2Fvivek200120%2309a1b
openid.identity=https%3A%2F%2Fme.yahoo.com%2Fvivek200120
openid.assoc_handle=ROz8w.0c2PKLaJgKo3FmFwrZGCBIfaoMuVywzTOJKceszP4EfujBk7LFSTHK
pZJekE6Ll9QQySwrjaXCLjsVfbZhSQ7h0hCKxNCFuFddjGxotQNY_NrGnWNYm6vnKG4Scw--
openid.realm=http%3A%2F%2Fcoupl.in%2Fopenid
openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
openid.ax.mode=fetch_response
openid.ax.value.email=vivek200120%40yahoo.com
openid.response_nonce=2010-01-23T11%3A28%3A31ZHuMOdOEe9FguaEVn5f36_qd52LT0KBuaMQ--
openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Cax.value.email%2Cax.type.email%2Cns.ax%2Cax.mode%2Cpape.auth_level.nist
openid.op_endpoint=https%3A%2F%2Fopen.login.yahooapis.com%2Fopenid%2Fop%2Fauth
openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail
openid.pape.auth_level.nist=0
openid.sig=*************

Please help

QUOTE (Rick @ Sep 29 2009, 04:56 AM) <{POST_SNAPBACK}>

I don't think discovery phase is compulsory, it just let you know what services they support.

Below is the service from yahoo

Discovery Url: http://www.yahoo.com/
Endpoint Url: https://open.login.yahooapis.com/openid/op/auth
Service Type discovered:
* http://specs.openid.net/auth/2.0/server
* http://specs.openid.net/extensions/pape/1.0
* http://openid.net/sreg/1.0
* http://openid.net/extensions/sreg/1.1
* http://openid.net/srv/ax/1.0
* http://specs.openid.net/extensions/oauth/1.0
* http://specs.openid.net/extensions/ui/1.0/lang-pref
* http://specs.openid.net/extensions/ui/1.0/mode/popup
* http://schemas.xmlsoap.org/ws/2005/05/iden...sonalidentifier
* http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
* http://www.idmanagement.gov/schema/2009/05...rust-level1.pdf
* http://csrc.nist.gov/publications/nistpubs...00-63V1_0_2.pdf

Yahoo OpenID -> Facebook

Sat, 06 Jun 2009 17:05:48 -0700

Facebook just started supporting OpenID login as an RP. Google's OP supports automatic login (checkid_immediate), but Yahoo does not.

Is there a plan for Yahoo to support automatic login? If so, when? If not, why not?

Thanks.

Yahoo OpenID -> Facebook

Sat, 06 Jun 2009 17:05:48 -0700

Yahoo OpenID -> Facebook

Sat, 06 Jun 2009 17:05:48 -0700

Hi Gabriel,

We are investigating support for checkid_immediate. We are weighing the usability/awareness issue of not providing an interstitial to alert the user that they are logging in with their Yahoo! credentials versus the benefit of the silent signin method.

Regards,
Sabari
Y! Membership

QUOTE (Gabriel S @ Jun 6 2009, 04:11 PM) <{POST_SNAPBACK}>

see also OpenID Requirements

Yahoo OpenID -> Facebook

Sat, 06 Jun 2009 17:05:48 -0700

Sabari,
Thanks for your reply.

To be honest, I don't like the way Facebook auto logs in with OpenID. FB has you link your FB account with an OpenID provider, then next time you go to FB's home page, it will log you in automatically (if you're already signed in to your OpenID provider--if you're not, you don't seem to get ANYTHING). And it seems to need a cookie on each browser on each machine before auto login will work--"Hey it worked at home, why isn't it working here...?" I'm not sure how well it supports multi-users on the same browser (I'm logged in to MyOpenID, my wife's logged in to Google, one of us goes to Facebook--which OpenID is Facebook going to use for auto-login...?)

All other sites (that I've seen) require the user to enter their OpenID URL, and then be signed in (possibly authenticating at their OP first). I'd much rather see that approach. (but as a fallback, I'd rather have SSO, than not).

Yahoo OpenID -> Facebook

Sat, 06 Jun 2009 17:05:48 -0700

Hello guys!

How do you allow anyone with a facebook/myspace/gmail open ID to sign in using those details on a site which has been created independently..Facebook Layouts

Change network back tto US

Sat, 06 Jun 2009 10:15:14 -0700

Hi,

I am currently using the TW yahoo mail network, which I was using US network before. I changed to TW network because I want to buy things in their network, but they require me to change my network to their country first. I am now what to change back my network into US, but I couldn't find anywhere that I could change my network back. Pls help and thanks!

Vivien

Change network back tto US

Sat, 06 Jun 2009 10:15:14 -0700

Hi Vivien,

Are you talking about switching your preferred content preference to US from TW?

1. You can go directly to the Account Information page: http://edit.yahoo.com/config/eval_profile
2. Click on Member Information
3. Click on the link next to the Language label

You can then select US content or any other country you desire.

Good luck,
Sabari
Y! Membership

QUOTE (bolon_lwy @ Jun 6 2009, 09:15 AM) <{POST_SNAPBACK}>

Hi,

I am currently using the TW yahoo mail network, which I was using US network before. I changed to TW network because I want to buy things in their network, but they require me to change my network to their country first. I am now what to change back my network into US, but I couldn't find anywhere that I could change my network back. Pls help and thanks!

Vivien

Change network back tto US

Sat, 06 Jun 2009 10:15:14 -0700

Hi Sabari,

I am having a same problem as Vivien currently. I tried to following your steps to solve my problem, however, the a/c info page [http://edit.yahoo.com/config/eval_profile] will lead me to the tw.yahoo.com and the page is written in chinese. I do not find the link as you said.

Hope you can solve my problem.

Jane

QUOTE (Sabari @ Jun 11 2009, 09:54 AM) <{POST_SNAPBACK}>

Hi Vivien,

Are you talking about switching your preferred content preference to US from TW?

1. You can go directly to the Account Information page: http://edit.yahoo.com/config/eval_profile
2. Click on Member Information
3. Click on the link next to the Language label

You can then select US content or any other country you desire.

Good luck,
Sabari
Y! Membership

Change network back tto US

Sat, 06 Jun 2009 10:15:14 -0700

Have you tried going through Yahoo! Customer Support? They can likely make that change for you, if need be.

Robyn Tippins
Community Manager, YDN

"Direct signature verification failed" using openid4java

Wed, 06 May 2009 11:47:39 -0700

Trying to use openid4java against Yahoo. Google's system is working fine, however with Yahoo, I'm getting

Verification failed for: https://me.yahoo.com/a/ [random string] reason: Direct signature verification failed.

I've gone through this blog:
http://eddevelop.blogspot.com/2008/11/open...penid4java.html

And those linked there. I have my XRDS setup correctly, and Yahoo no longer complains about an invalid website -- everything looks good there..

However, when the request comes back, I get that Direct signature verification failed message, and VerificationResult.getVerifiedId() returns null.

Help?

"Direct signature verification failed" using openid4java

Wed, 06 May 2009 11:47:39 -0700

Hi Darrell,

Can you please send the complete HTTP request and response
headers so we can help check from our side?

You may also need to contact openid4java mailing list to
see if they have any hint on this because we don't actually
know how openid4java is implemented.

Thanks,
Yu Wang
Yahoo! Membership team

Problem with sreg openid

Wed, 29 Apr 2009 19:23:14 -0700

Hi all!

I am planning for the simple openid libraries that help developers new to the approach with OpenID.

Unfortunately, I have a problem with my yahoo OpenID .

I have two strings:

This is the string to log to my page.

QUOTE

https://open.login.yahooapis.com/openid/op/...,fullname,email

This is the string of well-known service RPX:

QUOTE

https://open.login.yahooapis.com/openid/op/...,fullname,email

Now try the MY STRING and RPX STRING.

Why my string does not require any sharing of the profile instead RPX yes?

Has something to do with https?

See more to: http://www.balestrierofilippo.com/openid/

Thx for help

Problem with sreg openid

Wed, 29 Apr 2009 19:23:14 -0700

Because Yahoo has not opened profile information for everybody. Only some test sites have access to profile info. Maybe RPX is one of the test sites.

QUOTE (Gia @ Apr 29 2009, 06:23 PM) <{POST_SNAPBACK}>

Hi all!

I am planning for the simple openid libraries that help developers new to the approach with OpenID.

Unfortunately, I have a problem with my yahoo OpenID .

I have two strings:

This is the string to log to my page.

This is the string of well-known service RPX:

Now try the MY STRING and RPX STRING.

Why my string does not require any sharing of the profile instead RPX yes?

Has something to do with https?

See more to: http://www.balestrierofilippo.com/openid/

Thx for help

Problem with sreg openid

Wed, 29 Apr 2009 19:23:14 -0700

Ah ok.

So, how can I do?

I must register the site somewhere?

thx.

QUOTE (santosh.rajan@... @ Apr 30 2009, 07:47 AM) <{POST_SNAPBACK}>

Because Yahoo has not opened profile information for everybody. Only some test sites have access to profile info. Maybe RPX is one of the test sites.

Problem with sreg openid

Wed, 29 Apr 2009 19:23:14 -0700

QUOTE (Gia @ May 1 2009, 06:00 AM) <{POST_SNAPBACK}>

Ah ok.

So, how can I do?

I must register the site somewhere?

thx.

We're working really hard to get the right approvals to enable Simple Registration for all RPs, unfortunately, we don't yet have a date for when we'll be able to enable it.

Can't confirm website identity

Mon, 06 Apr 2009 23:22:02 -0700

When authenticating with Yahoo's OpenID, the user is seeing the famous "This website has not confirmed its identity with Yahoo!" warning message. I've read through all the FAQs and other documentation I could find but I am yet unable to determine why this is failing. I have some questions:

When verifying the return_to url; does Yahoo! ignore any query parameters (i.e., everything from a ? onward). My XRDS document publishes the exact same return_to URL as is present in the OpenID request (up to the "?")

Strangely, I am not even seeing a request by Yahoo! to obtain my XRDS document in my webserver logs! It is not fetching the return_to url, nor the corresponding root "/" URL (the same as the return_to url without the extra path or query string).

Note that my site only responds to https (port 443); there is no open port on 80. All the URLs I'm sending though are https:

Can't confirm website identity

Mon, 06 Apr 2009 23:22:02 -0700

I think I may have figured this out. I am using a wildcard realm pattern., e.g., ,
whereas my return_to url is more like .

Since my return_to URL *matches* the realm, I thought it would try to find my XRDS document
by using the return_to url. However I guess that Yahoo! is instead looking for it on
(which is a different server, run by the "Marketing" folks so
there is no way to get anything even slightly technical on it, much less an XRDS
document, or link to one).

After carefully re-reading the OpenID 2.0 spec, there is a small little sentence in section 9.2.1
which points this out. So I need to find some other way to do this, if it is even possible.

Can't confirm website identity

Mon, 06 Apr 2009 23:22:02 -0700

QUOTE (deron.meranda @ Apr 6 2009, 10:22 PM) <{POST_SNAPBACK}>

Strangely, I am not even seeing a request by Yahoo! to obtain my XRDS document in my webserver logs! It is not fetching the return_to url, nor the corresponding root "/" URL (the same as the return_to url without the extra path or query string).

For performance reasons, we do cache the XRDS doc for about an hour,so you might not have noticed the request in your logs. Additionally, because of the caching, any changes that you make to the XRDS might not be noticed for an hour.

Can we see your site?

changing yahoo mail to old window

Sat, 28 Mar 2009 12:22:10 -0700

I want to go back to my original classic mail window not the open ID window. How do I go about doing this. I know I can't delete open ID but want to use my old window:
http://us.mc598.mail.yahoo.com/mc/welcome - When I click on mail from my yahoo home page.

changing yahoo mail to old window

Sat, 28 Mar 2009 12:22:10 -0700

Hi Roger,

If I understand you correctly, you want to switch to Yahoo! Mail Classic from the new Yahoo Mail. To switch, you just have to click "Mail Classic" on the top left hand corner next to "What's New." Once you click on the link, you will see a dialogue box asking you to confirm that you want to switch back to Yahoo! Mail Classic.

To clarify, enabling your Yahoo! OpenID does not affect your Yahoo! Mail.

Regards,
Sabari
Yahoo! Membership

QUOTE (roger @ Mar 28 2009, 11:22 AM) <{POST_SNAPBACK}>

I want to go back to my original classic mail window not the open ID window. How do I go about doing this. I know I can't delete open ID but want to use my old window:
http://us.mc598.mail.yahoo.com/mc/welcome - When I click on mail from my yahoo home page.

changing yahoo mail to old window

Sat, 28 Mar 2009 12:22:10 -0700

QUOTE (Sabari @ Mar 29 2009, 09:14 AM) <{POST_SNAPBACK}>

Hi Roger,

If I understand you correctly, you want to switch to Yahoo! Mail Classic from the new Yahoo Mail. To switch, you just have to click "Mail Classic" on the top left hand corner next to "What's New." Once you click on the link, you will see a dialogue box asking you to confirm that you want to switch back to Yahoo! Mail Classic.

To clarify, enabling your Yahoo! OpenID does not affect your Yahoo! Mail.

Regards,
Sabari
Yahoo! Membership

That didn't do it. I want to do away with the mail classic open ID window with the address, http://us.mc01g.mail and go back to mail classic window with address, http://us.mc598.mail. I had before I mistakenly activated "open ID"

changing yahoo mail to old window

Sat, 28 Mar 2009 12:22:10 -0700

Roger,

Please contact customer support for Mail. They can be found at this link: http://help.yahoo.com/l/us/yahoo/mail/yaho...orms_index.html

Robyn Tippins
Community Manager, YDN

changing yahoo mail to old window

Sat, 28 Mar 2009 12:22:10 -0700

QUOTE (roger @ Mar 28 2009, 11:22 AM) <{POST_SNAPBACK}>

I want to go back to my original classic mail window not the open ID window. How do I go about doing this. I know I can't delete open ID but want to use my old window:
http://us.mc598.mail.yahoo.com/mc/welcome - When I click on mail from my yahoo home page.

Hello,
The solution you gave by clicking on "mail classic" didn't work. the "loading" icon on the top right of the page kept spinning and nothing happened.
What can I do????
I am not able to compose e-mails or forward e-mails or even open any attatchments.

changing yahoo mail to old window

Sat, 28 Mar 2009 12:22:10 -0700

Rola,

Try this link that will send an email to Customer Care. http://help.yahoo.com/l/us/yahoo/mail/yaho...?showtopic=1067

Closing this thread.

Robyn Tippins
Community Manager, YDN

Please release SREG support soon! Here is some motivation for you.

Thu, 26 Mar 2009 02:04:11 -0700

http://santrajan.blogspot.com/2009/03/mess...led-openid.html

Please release SREG support soon! Here is some motivation for you.

Thu, 26 Mar 2009 02:04:11 -0700

QUOTE (santosh.rajan@... @ Mar 26 2009, 01:04 AM) <{POST_SNAPBACK}>

http://santrajan.blogspot.com/2009/03/mess...led-openid.html

We hear you! stay tuned!

User Experience = Bad

Fri, 20 Mar 2009 12:58:14 -0700

The key question is, "How do I delete the Yahoo openID without deleting the Yahoo ID or my email account?"

Went to post a comment on a site off blogspot. It wanted to authenticate me. Several choices, one of which is openID. A quick search says Yahoo supports openID. Punch the button, enable openID. Yahoo says, " To make things easy, we have generated this identifier for you: https://me.yahoo.com/a/fjTOjrsJTo_4YZ_blah_blah_LU- I'm thinking the identifier is some sort of behind the scenes secret handshake thing, so good enough, off we go.

I'm authenticated, post is submitted. Take a look at it in place and what I see is the random 28 character string identifier as my username. Blech! Not desired outcome. Go back to Yahoo openID page, and look at customization options. The page warns against using the identifier string and equals my Yahoo email username (snertly), so I cleverly pick something similar with an underscore: snert_lee. Page says name is available. I say make it so. Page chugs for a moments them belches up a generic "something went wrong, try again later" type error.

I try another posting. 28 character gibberish comes up as username. And now snertly and snert_lee have been fused together so they both point to the same mailbox and there seems to be no way to delete one or the other without killing both.

It's frustrating and leaves a bad taste in my mouth vis a vis openID.

The ideal solution would be to be able to delete the openID and have snerly and snert_lee revert back to two seperate yahoo ids.

User Experience = Bad

Fri, 20 Mar 2009 12:58:14 -0700

Hi snert_lee,

Sorry to hear of your problems using Yahoo! OpenID. We currently don't allow the deletion of the OpenID Identifier. Since we support the OpenID 2.0 spec, we do attach a fragment to the identifier to alleviate the recycling scenario. However, there could be a minor user education issue due to the fact that when users delete an identifier and recreate the same identifier it is treated as a new identifier at the RP even though the identifiers look the same to the user.

When you have multiple identifiers set up, you have the ability to select which identifier you want to use for your intended action. Are you stating that even though you multiple identifiers you were not given the option of using your custom identifier instead of the machine generated identifier?

Regards,
Sabari Devadoss
Yahoo! Membership

QUOTE (snert_lee @ Mar 20 2009, 11:58 AM) <{POST_SNAPBACK}>

The key question is, "How do I delete the Yahoo openID without deleting the Yahoo ID or my email account?"

Went to post a comment on a site off blogspot. It wanted to authenticate me. Several choices, one of which is openID. A quick search says Yahoo supports openID. Punch the button, enable openID. Yahoo says, " To make things easy, we have generated this identifier for you: https://me.yahoo.com/a/fjTOjrsJTo_4YZ_blah_blah_LU- I'm thinking the identifier is some sort of behind the scenes secret handshake thing, so good enough, off we go.

I'm authenticated, post is submitted. Take a look at it in place and what I see is the random 28 character string identifier as my username. Blech! Not desired outcome. Go back to Yahoo openID page, and look at customization options. The page warns against using the identifier string and equals my Yahoo email username (snertly), so I cleverly pick something similar with an underscore: snert_lee. Page says name is available. I say make it so. Page chugs for a moments them belches up a generic "something went wrong, try again later" type error.

I try another posting. 28 character gibberish comes up as username. And now snertly and snert_lee have been fused together so they both point to the same mailbox and there seems to be no way to delete one or the other without killing both.

It's frustrating and leaves a bad taste in my mouth vis a vis openID.

The ideal solution would be to be able to delete the openID and have snerly and snert_lee revert back to two seperate yahoo ids.

User Experience = Bad

Fri, 20 Mar 2009 12:58:14 -0700

Hi snert_lee,

We took a look at the logs and you might have unfortunately been affected by a temporary system issue. We have fixed the issue and you can now use the alias as your openid identifier. Let us know if you are still experiencing issues.

Regards,
Sabari
Yahoo! Membership

QUOTE (Sabari @ Mar 20 2009, 04:44 PM) <{POST_SNAPBACK}>

Hi snert_lee,

Sorry to hear of your problems using Yahoo! OpenID. We currently don't allow the deletion of the OpenID Identifier. Since we support the OpenID 2.0 spec, we do attach a fragment to the identifier to alleviate the recycling scenario. However, there could be a minor user education issue due to the fact that when users delete an identifier and recreate the same identifier it is treated as a new identifier at the RP even though the identifiers look the same to the user.

When you have multiple identifiers set up, you have the ability to select which identifier you want to use for your intended action. Are you stating that even though you multiple identifiers you were not given the option of using your custom identifier instead of the machine generated identifier?

Regards,
Sabari Devadoss
Yahoo! Membership