[OpenID] Yahoo and localhost
Allen Tom
atom at yahoo-inc.com
Wed Jan 30 20:51:20 UTC 2008
Hi Danny,
The Yahoo OP requires that your RP run on a standard port (80 or 443)
and that you have a real hostname (no IP addresses allowed). We decided
to do this to keep things consistent with the security polices that we
have with Yahoo BBAuth.
We have a FAQ posted on the Yahoo Developer Network site, and we'll be
updating it we get more questions.
http://developer.yahoo.com/openid/faq.html
Questions regarding Yahoo OpenID should be sent here:
openid-feedback at yahoo-inc.com
The Yahoo OpenID engineering team is monitoring that list and will be
happy to answer questions about integrating with our OP.
Thanks
Allen
Danny Burkes wrote:
> Hi everyone-
>
> I'm in the process of developing a new product that will be an RP. We
> have RP functionality already working using ruby-openid 2.03, and we
> can successfully authenticate against both OpenID 1.0 and 2.0 providers.
>
> Today Yahoo turned on their IdP functionality, so I thought I'd try
> it, and it wouldn't authenticate me when I run our app on my local
> development machine- I just get redirected to a page at Yahoo that
> says "Sorry! Something is not quite right with the request we received
> from the website you are trying to use".
>
> However, if I try to authenticate running our app on a publicly-
> available server (our staging server), it authenticates fine against
> the Yahoo IdP.
>
> The only difference I can see in the two authentication transactions
> is that, when running on my local development machine,
> openid.return_to is like "http://localhost:3000/...", whereas when
> running from the staging machine, it's like "http://
> our.staging.server/...".
>
> Does the Yahoo IdP refuse authentication requests that specify
> localhost in the return_to? If so, it seems like a big flub, as it
> locks out developers.
>
> Thanks for any enlightenment you can provide.
>
> Best Regards,
>
> Danny Burkes
> http://www.lingr.com/help/about#danny
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
More information about the general
mailing list