Reply to this topicStart new topic
Yahoo! please fix your OpenID auth!
chey.smith
post Nov 22 2009, 06:21 AM
Post #1
Group: Members
Posts: 3
Ok this is getting ridiculous!! Here I am trying to test out OpenID auth with Yahoo! and everytime I make a few changes in the code I get this!!!

"This page has expired, go back to the original page and please try again"

I'm a developer and I'm trying to develop OpenID plugins for people to use so I am testing lots of sites and libraries (primarily PHP) and constantly getting this from Yahoo! is getting ...as I said ... ridiculous!

I seems to happen when I change the realm. I am working with various subdomains on a virtual hosting platform so I usually start out with the realm defaulting to the "return_to" but then after some initial testing I change the realm to use a wildcard like "*.example.com" and as soon as I do I get the dreaded error message above. Come on now Yahoo! I don't have to deal with this crap from Google. In my opinion it's a pointless "security" (if that's what it is) mechanism.
Go to the top of the page
 
+Quote Post
chey.smith
post Nov 25 2009, 10:04 AM
Post #2
Group: Members
Posts: 3
Something has changed. The few sites I was having trouble with now work. I'm wondering if Yahoo! imposes a limit on auth requests??? I'd hope not.
Go to the top of the page
 
+Quote Post
Nguyen Van Thang
post Nov 26 2009, 11:00 PM
Post #3
Group: Members
Posts: 1
Because YH upgrade to OpenID v2.0. You can reference this url http://blog.facilelogin.com/2008/07/let-re...id-relying.html to fix.
Go to the top of the page
 
+Quote Post
chey.smith
post Nov 29 2009, 03:55 AM
Post #4
Group: Members
Posts: 3
The problem is not with discovery but how Yahoo! handles realms. Supposedly they support wildcard realms but when I try to use one I get that warning on their login page.

"Warning: This website does not meet Yahoo!'s requirements for website address. Do not share any personal information with this website unless you are certain that it is legitimate."

Take a look at the realms section in the specs:
http://openid.net/specs/openid-authenticat...2_0.html#realms

If return_to is http://www.example.com/login
then a realm of http://*.example.com is a match and should not produce an error
Go to the top of the page
 
+Quote Post
atom
post Dec 4 2009, 02:46 PM
Post #5
Group: Yahoos
Posts: 30
Hi Chey - sounds like this may have been a caching problem - the Yahoo OpenID screens have a 10 minute timeout, based on your description, it sounds like your browser may have been reloading or replaying an expired auth url.

In the future, please post a link to a reproducable test case, and we can try to debug the issue.

Thanks
Allen


QUOTE (chey.smith @ Nov 22 2009, 06:21 AM) *
Ok this is getting ridiculous!! Here I am trying to test out OpenID auth with Yahoo! and everytime I make a few changes in the code I get this!!!

"This page has expired, go back to the original page and please try again"
Go to the top of the page
 
+Quote Post
« Next Oldest · OpenID General Discussion · Next Newest »
 

Reply to this topicStart new topic

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

rss YDN Forum RSS feeds

YDN Content Copyright © 2010 Yahoo! Inc. All rights reserved. Copyright | Privacy Policy

Help us continue to improve the Yahoo! Developer Network - Send Your Suggestions