
Yahoo claims the RP to be untrusted
Closed, Resolved, Public

Description

Author: sergey.chernyshev

Description:
Yahoo has no reason to trust a wiki to be RP - add XRDS as described here:
http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html


Version: unspecified
Severity: normal

Details

Reference
bz18527

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 10:34 PM
bzimport set Reference to bz18527.

webcd wrote:

You can solve this issue by putting a file "xrds.php" in the script root, where https://wiki.your.wiki/w/ is the script root:

<?php
// Send the XML declaration from PHP so that "<?xml" is not parsed as a PHP short open tag.
header("Content-Type: application/xrds+xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
<XRD>
    <Service priority="1">
        <Type>http://specs.openid.net/auth/2.0/return_to</Type>
        <URI>https://wiki.your.wiki/w/</URI>
    </Service>
</XRD>
</xrds:XRDS>

After it you have to add to all Wikipages:
header("X-XRDS-Location: https://wiki.your.wiki/w/xrds.php");
and
<meta http-equiv="X-XRDS-Location" content="https://wiki.your.wiki/w/xrds.php"/>
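
Added example, not part of the original comments or the extension's code: a Python check that an XRDS document like the one above advertises a return_to endpoint covering a given return_to URL, using the matching rule OpenID 2.0 gives for relying-party discovery (same scheme, host and port, path at or below the advertised URI, no wildcards). The function names and the sample return_to URLs in the usage are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "xri://$xrd*($v*2.0)"
RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the XRDS body from the comment above (placeholder host).
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
  <Service priority="1">
    <Type>http://specs.openid.net/auth/2.0/return_to</Type>
    <URI>https://wiki.your.wiki/w/</URI>
  </Service>
</XRD>
</xrds:XRDS>"""

def _texts(parent, local):
    """Text of the direct children of `parent` named `local` in the XRD namespace."""
    return [c.text.strip() for c in parent if c.tag == f"{{{XRD_NS}}}{local}" and c.text]

def return_to_endpoints(xrds_text):
    """URIs of every Service element that declares the return_to type."""
    uris = []
    for svc in ET.fromstring(xrds_text).iter(f"{{{XRD_NS}}}Service"):
        if RETURN_TO_TYPE in _texts(svc, "Type"):
            uris += _texts(svc, "URI")
    return uris

def _parts(url):
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme), u.path or "/"

def matches(endpoint, return_to):
    """True if return_to has the endpoint's scheme, host and port and a path at or below it."""
    e, r = _parts(endpoint), _parts(return_to)
    if e[:3] != r[:3] or e[0] not in DEFAULT_PORTS:
        return False
    prefix = e[3] if e[3].endswith("/") else e[3] + "/"
    return r[3] == e[3] or r[3].startswith(prefix)

def rp_is_verifiable(xrds_text, return_to):
    """True if some advertised return_to endpoint covers the URL the RP will send."""
    return any(matches(ep, return_to) for ep in return_to_endpoints(xrds_text))
```

Run it against the document your wiki actually serves at the X-XRDS-Location URL and the return_to value the extension sends; a scheme or path mismatch between the two is enough for a provider to keep showing the warning.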

sergey.chernyshev wrote:

I think there is some XRDS support in the extension which probably got disabled or something and is worth recovering.

sergey.chernyshev wrote:

Yes, right now Special:OpenIDXRDS is only enabled for user pages and code there and in OpenIDHooks::onArticleViewHeader is a bit messy anyway:

  • for example it seems to forbid login using user's page if user in turn is logging in using OpenID. I'm not sure if this is OpenID limitation or something else.
  • even though XRDS is using user name as parameter (Special:OpenIDXRDS/Sergey_Chernyshev), this parameter is used in "delegate" variable in intermediary array, but never used in actual XRDS code that is output.

I think it needs to be rewritten completely with multiple use cases in mind:

  • user using their page as OpenID URL
  • XRDS is used for the use case on this bug (return_to)
  • any other use cases?

Based on the fix described in this bug, I'm pretty sure this was just fixed with the recent version upgrade. I haven't tested it yet, but it's possible this bug can be closed.

(In reply to comment #5)

Based on the fix described in this bug, I'm pretty sure this was just fixed
with the recent version upgrade. I haven't tested it yet, but it's possible
this bug can be closed.

Maybe - or maybe not. Nevertheless, thanks for *pinging* me.

I tried it with the 1.004 and with the new 2.01 version of E:OpenID, works as designed.

Yahoo OpenID (Yahoo is OpenID Provider only) works with E:OpenID as Consumer.

Thus: closing the issue now.