[OpenID] Yahoo and localhost
atom at yahoo-inc.com
Wed Jan 30 12:51:20 PST 2008
The Yahoo OP requires that your RP run on a standard port (80 or 443)
and that you have a real hostname (no IP addresses allowed). We decided
to do this to keep things consistent with the security polices that we
have with Yahoo BBAuth.
We have a FAQ posted on the Yahoo Developer Network site, and we'll be
updating it we get more questions.
Questions regarding Yahoo OpenID should be sent here:
openid-feedback at yahoo-inc.com
The Yahoo OpenID engineering team is monitoring that list and will be
happy to answer questions about integrating with our OP.
Danny Burkes wrote:
> Hi everyone-
> I'm in the process of developing a new product that will be an RP. We
> have RP functionality already working using ruby-openid 2.03, and we
> can successfully authenticate against both OpenID 1.0 and 2.0 providers.
> Today Yahoo turned on their IdP functionality, so I thought I'd try
> it, and it wouldn't authenticate me when I run our app on my local
> development machine- I just get redirected to a page at Yahoo that
> says "Sorry! Something is not quite right with the request we received
> from the website you are trying to use".
> However, if I try to authenticate running our app on a publicly-
> available server (our staging server), it authenticates fine against
> the Yahoo IdP.
> The only difference I can see in the two authentication transactions
> is that, when running on my local development machine,
> openid.return_to is like "http://localhost:3000/...", whereas when
> running from the staging machine, it's like "http://
> Does the Yahoo IdP refuse authentication requests that specify
> localhost in the return_to? If so, it seems like a big flub, as it
> locks out developers.
> Thanks for any enlightenment you can provide.
> Best Regards,
> Danny Burkes
> general mailing list
> general at openid.net
More information about the general