wp-openid 2.2.0 released

I’ve just released version 2.2.0 of the OpenID plugin for WordPress. Notable additions in this version:

  • POST replay for comments - this should fix all the compatibility issues with other comment related plugins like reCaptcha.
  • MUCH better memory usage - like no longer needlessly building a 2MB object on every page load!
  • support for Email Address to URL Transformation - now you can use an email address anywhere you normally use an OpenID
  • fixed OpenID Spoofing vulnerability - users’ profile URLs must match one of their OpenIDs
  • using hooks for gathering user data - other plugins can now hook in and gather user info from FOAF, hCard, whatever
  • If OpenID authentication fails for whatever reason, the user is given the opportunity to submit their comment without OpenID
  • lots of little fixes, code refactoring and cleanup, and a lot of UI tweaks

Download at http://wordpress.org/extend/plugins/openid/.

I tested pretty thoroughly on WordPress 2.2 through 2.6 using PHP5. I’m fairly certain I didn’t break PHP4, but let me know if you find any problems.

With this out the door, I’ll be jumping right into my feature list for the next major release — adding a native OpenID Server and delegation capabilities. At that point, it should be able to handle all of your OpenID related needs.


63 Comments

  1. Posted July 23, 2008 at 6:54 pm | Permalink

    good stuff.

  2. Posted July 24, 2008 at 12:02 am | Permalink

    Hey Will,

    the plugin doesn’t work for me. Like in older versions I still get the following error, when I try to connect my OpenID to my account:

    Error: OpenID assertion failed: Server denied check_authentication

    I use my OpenID everywhere I can - other Relying Parties don’t seem to have any problems with the check_authentication requests.

    Bye, Dennis

  3. Posted July 24, 2008 at 7:03 am | Permalink

    Testing EAUT on your blog. Do we need both an email AND website field anymore?

  4. Posted July 24, 2008 at 10:02 am | Permalink

    @Dennis: do you have big integer support on your server? On the WP-OpenID config page, click “Toggle More/Less” and look for red failures

    @Chris: not sure why your comment doesn’t show as having been OpenID authenticated… did it take you through the EAUT flow? I just tried and it seemed to work okay.

  5. Posted July 24, 2008 at 7:03 pm | Permalink

    Heya Will!

    Looks like something is broken in either the OpenID library or in WP-OpenID. I get this error message on my test system:

    Could not discover an OpenID identity server endpoint at the url: docwhat.gerf.org

    When I updated to 2.20 most of my patches to OpenID fell out. I assume this is a good thing. If you recall, I had patches to fix the web page parsing.

    The old findHTML() function seems to be gone, so I assume that they aren’t needed anymore?

    I can see that it does (two?) fetches of docwhat.gerf.org. But I don’t seem to be able to figure out where in the parsing it fails. :-(

    Others seem to be having trouble too: http://wordpress.org/support/topic/191523

  6. Posted July 24, 2008 at 11:43 pm | Permalink

    @Will What do you mean by big integer support? On the config page there are no errors displayed, everything seems fine on the WordPress side.

  7. Posted July 25, 2008 at 7:47 am | Permalink

    @Dennis:

    Click Settings. Click WP-OpenID. Above the words “WP-OpenID Registration Options” there is a box. It says “Status Information”. Click on “toggle more/less”. Below the line about “library: BCMath” there may be a line about “Loaded long integer library”. If there is and it says “FAIL” then report that. If the line doesn’t exist, then it is OK.

    @Will: You may want to make that line appear even if it’s OK. It is confusing otherwise.

    Ciao!

  8. Posted July 25, 2008 at 1:43 pm | Permalink

    When I try to add my OpenID to my user account in WP 2.6, I get:

    Error: OpenID assertion failed: BAD_REQUEST

    I checked the settings, nothing red.

    Any ideas? I’m delegating to verisign labs. Haven’t had problems with DOPPLR or identi.ca.

    Also, in posting this comment here, I got a “We were unable to authenticate your claimed OpenID, however you can continue to post your comment without OpenID”.

  9. Posted July 25, 2008 at 2:11 pm | Permalink

    Chris: yours is very likely a SSL cert problem… it looks like you have your site redirect to an HTTPS version which is protected with a CACert certificate. While I actually love CACert and use them as my CA of choice for many applications, most curl installations do not have them in the list of trusted CAs. You’ll either need to modify your site so that XRDS discovery can be performed without SSL, or get a certificate from a more commonly trusted CA.

  10. Posted July 25, 2008 at 2:22 pm | Permalink

    @Christian: your server is returning an HTTP 400 to the request made by the openid library. The exact request (which reproduces the 400 over telnet) is:

    GET / HTTP/1.1
    Range: bytes=0-1048576
    User-Agent: php-openid/2.1.0 (php/5.2.5) curl/7.16.3
    Host: docwhat.gerf.org
    Accept: application/xrds+xml, text/html; q=0.3, application/xhtml+xml; 0.5

  11. Posted July 25, 2008 at 2:29 pm | Permalink

    Sidenote: Hey Will what do you think about making it easier to provide you with debugging information, and a better diagnostic dashboard for folks who are trying to figure out what (or where) things are going wrong?

    It seems to me that the current UI might be a little hard to get to or make use of… It might also be useful to add a link to a Satisfaction site for support — or to the wordpress.org support page.

    Thoughts?

  12. Posted July 25, 2008 at 8:47 pm | Permalink

    [quote comment=”22568”]@Christian: your server is returning an HTTP 400 to the request made by the openid library. [/quote]

    It appears that Bad Behavior is catching the openid request as something bad.

    It appears that it doesn’t like the range header, which is a bit odd…

    I’ll see if I can do something about having Bad Behavior block those, but probably not sending a “range” header is probably a good idea.

    Meanwhile, I submitted a patch to the author of bad-behavior to allow php-openid clients to use range, as well.

    Ciao!

  13. Dennis
    Posted July 26, 2008 at 2:01 am | Permalink

    @TheDoctorWhat Thanks for your advice. I installed the latest version of the plugin (2.2.1) and verified that everything on the plugin side is okay, the line reads the following:

    [OK] Big Integer support: GMP is installed.

    Unfortunately it still doesn’t work. I guess it would be good to pick up Chris’ idea, so I can find out and provide more information about what’s going wrong.

    Have a nice weekend, Dennis

  14. Posted July 26, 2008 at 6:54 am | Permalink

    Since upgrading, the wp-openid doesn’t seem to handle openid redirects. I get the following error:

    Could not discover an OpenID identity server endpoint at the url: toph.ca

    Any idea on what is going on?

  15. cygnus
    Posted July 30, 2008 at 10:54 am | Permalink

    My problem with OpenID 2.2.1 here

    http://forum.maxsite.org/viewtopic.php?pid=29993#p29993

    but OpenID 2.1.9 works good

    Update: when i tried to use my livejournal.com openID here, to comment in your blog i’ve get just the same :))

    “Error: please fill the required fields (name, email).”

    something wrong in your new versions…

  16. Posted July 31, 2008 at 8:22 am | Permalink

    Does your EAUT implementation fall back nicely to the existing way we do email-as-openID? Does it have a last-resort-emailtoid checkbox we can turn on?

    Testing the answer to my first question in the comment… heh

  17. Posted July 31, 2008 at 8:24 am | Permalink

    EAUT fail - it did not accept my http://singpolyma@singpolma.net like and OpenID 2 compliant impl’s do.

    Trying with my normal openid

  18. Posted July 31, 2008 at 8:24 am | Permalink

    Ah, maybe your site just hates my domain… neither version of my OpenID works. Meh

  19. Posted July 31, 2008 at 8:26 am | Permalink

    Extra extra off topic : what plugin are you using for the ‘quote’ functionality here?

  20. Posted July 31, 2008 at 9:23 am | Permalink

    Stephen, you seem to be running into the same problem as DocWhat above… Bad Behavior is causing a HTTP 400 when php-openid requests your XRDS document.

  21. Posted July 31, 2008 at 9:46 am | Permalink

    [quote comment="22738"]Stephen, you seem to be running into the same problem as DocWhat above… Bad Behavior is causing a HTTP 400 when php-openid requests your XRDS document.[/quote]

    Any chance of removing the RANGE portion of the request? Why is it there in the first place?

  22. Posted July 31, 2008 at 10:23 am | Permalink

    I’ve posted to the WordPress Forums as well as the JanRain dev mailing list, so we’ll see what people have to say. My thinking on the matter:

    • it’s a valid http request, so Bad Behavior should allow it, regardless
    • I don’t want to ship a modified version of the JanRain library if I can at all keep from it
    • I will ship a modified version of the library if we need to, but I want some more information before doing so

  23. Posted July 31, 2008 at 10:48 am | Permalink

    Will: I saw your email on the openid list. I didn't realize it was in the openid library itself.

    I already submitted a request to bad-behavior to not block the UA php-openid. Range seems like an odd thing to filter on, though. :-/

    I don't know which is in the 'wrong' because I don't know enough about either situation.

  24. Posted August 2, 2008 at 3:01 pm | Permalink

    Hi, I have troubles with openid.pl When I entered my OpenID address at openid.pl I received an error: “The Request that you have attempted does not meet the OpenID protocol standard - please contact the host administrator of your site to advise them of this situation.”

    myopenid.com for example works fine. Can you check or add the openid.pl?

  25. Posted August 2, 2008 at 3:18 pm | Permalink

    @Pawe: I’m not sure I understand the problem you’re having, as that is not an error message from wp-openid. Exactly what site are you trying to login to, and what OpenID are you trying to use there?

  26. Posted August 2, 2008 at 4:29 pm | Permalink

    It’s on my blog: http://blog.pawelsobczak.pl One of my readers sent me feedback with troubles with openid.pl. I registered at it to check the problem, because other sites (like myopenid.com) work fine. This is the URL with error: http://wklej.org/id/d37b8aa5c6 (it’s only link to the URL, because the latter is too long) Is it possible that openid.pl uses different ‘standard’ that plugin doesn’t operate?

  27. Posted August 3, 2008 at 3:38 am | Permalink

    I’ve downgraded plugin to 2.1.9 and now works without problems. So the reason is somewhere in the plugin, not the openid.pl

  28. Posted August 3, 2008 at 9:10 pm | Permalink

    I am getting this error

    Fatal error: Call to a member function finish_openid_auth() on a non-object in /home/danesh/domains/thedaneshproject.com/public_html/wp-content/plugins/defensio-anti-spam/defensio.php on line 619

    Please advise

  29. Posted August 4, 2008 at 2:19 pm | Permalink

    I installed v2.2.1 (on WP 2.4.1), and no longer seem to be able to post comments when your plugin is activated. I get the following error when wp-comments-post.php runs:

    You must submit a comment using the comment form.

    I checked the plugin’s status info, which displays a failure for Big Integer support:

    [FAIL] Big Integer support: The OpenID Library is operating in Dumb Mode. Recommend installing GMP support.

    Are there any workarounds I could apply? Comments can be posted if I turn off openid, but of course that means no openid support for my site.

    Thanks in advance!

  30. Posted August 4, 2008 at 2:30 pm | Permalink

    Oops, I meant WP 2.5.1. (And it’s with a test site, not the url noted in the website field.) In any case, I started a thread over at the WP support forum, so feel free to continue there.

  31. Posted August 5, 2008 at 8:20 am | Permalink

    Hey! Can you explain something about this: http://bobrik.name/2008/08/05/some-updates/#comment-2259 Comments without openid works fine. Maybe some stuff in hooks?

  32. Posted August 5, 2008 at 11:23 am | Permalink

    Hey, Will! I have a problem with this plug-in This is a message, what I have: Plugin could not be activated because it triggered a fatal error.

    At the same time plug-in status is activated, but there are two more messages after attempt to log in using openid: Warning: constant(): Couldn't find constant PEAR_LOG_WARNING in /home/www/yeleleo.co.uk/blog/wp-content/plugins/openid/core.php on line 58

    Fatal error: Call to a member function on a non-object in /home/www/yeleleo.co.uk/blog/wp-content/plugins/openid/core.php on line 59

    Please help me to fix this problem.. Blog here http://yeleleo.co.uk/blog/ Thanks!

  33. Posted August 5, 2008 at 10:38 pm | Permalink

    I’ve posted a comment a few days ago but I see it didn’t appear. So once again: the problem occurred when one of my readers used the openid[dot]pl, so I checked it with my test account queyas[dot]openid[dot]pl and received the message. I’ve discovered that 2.1.9 version works ok, so there’s something wrong with the newest plugin

  34. Posted August 6, 2008 at 10:33 am | Permalink

    @Pawel, sorry about that… I did get your comment, I guess I just forgot to go in and approve it. I did however contact the admin of openid.pl and we figured out what the problem was. It was a minor bug in wp-openid — it was adding a trailing slash to the trust_root URL, but not the return_to URL. Therefore openid.pl rightfully detected that the return_to was not under the same path as the trust_root and therefore rejected it. Strangely, it doesn’t seem like any other OpenID providers are comparing to that much scrutiny (or they are ignoring the trailing slash problem). In any event, I’ve updated the plugin in SVN, and verified that it works… try again on this site to see it working. The patch will be included in the next release, which I’ll try to do today.
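
The trust_root / return_to mismatch described in the comment above, as an added example that is not part of the original thread or the plugin's code: a strict provider-side check following the realm matching rule of OpenID Authentication 2.0 (section 9.2). The function name and all URLs are constructed for illustration, and that openid.pl applied exactly this rule is an assumption.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Split a URL into (scheme, host, port, path) with defaults filled in."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    if scheme not in DEFAULT_PORTS or not u.hostname:
        raise ValueError("not an absolute http(s) URL: %r" % url)
    port = u.port or DEFAULT_PORTS[scheme]
    return scheme, u.hostname.lower(), port, u.path or "/"


def return_to_matches_realm(return_to, realm):
    """Strict provider-side check: is return_to inside the realm (trust_root)?"""
    try:
        if urlsplit(realm).fragment:
            return False  # a realm must not carry a fragment
        r_scheme, r_host, r_port, r_path = _parts(realm)
        u_scheme, u_host, u_port, u_path = _parts(return_to)
    except ValueError:
        return False
    # Scheme and port must be identical.
    if (r_scheme, r_port) != (u_scheme, u_port):
        return False
    # Host must be identical, or fall under a "*." wildcard realm.
    if r_host.startswith("*."):
        suffix = r_host[1:]  # e.g. ".example.com"
        if not (u_host.endswith(suffix) or u_host == suffix[1:]):
            return False
    elif r_host != u_host:
        return False
    # Path must be equal to, or a sub-directory of, the realm path. Comparing
    # on a "/" boundary is what makes "/wp" differ from "/wp/".
    if u_path == r_path:
        return True
    prefix = r_path if r_path.endswith("/") else r_path + "/"
    return u_path.startswith(prefix)


if __name__ == "__main__":
    # Constructed URLs for a blog installed in a sub-directory.
    realm = "http://blog.example/wp/"
    for rt in ("http://blog.example/wp?openid_consumer=1",    # slash missing
               "http://blog.example/wp/?openid_consumer=1"):  # consistent
        print(rt, "->", return_to_matches_realm(rt, realm))
```

A relying party can run the same check on its own realm and return_to before redirecting the user, so an inconsistency is caught locally instead of surfacing as a provider-specific rejection.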

  35. Posted August 6, 2008 at 10:38 am | Permalink

    @bobrik: I just left a comment there with my OpenID and didn’t have any trouble.

  36. Posted August 6, 2008 at 10:42 am | Permalink

    @yeleleo: looks like the PEAR logging stuff isn’t being included properly. Do you have some other Logging library in your include path by chance? Specifically something that would provide a class named “Log” ?

  37. Posted August 6, 2008 at 12:03 pm | Permalink

    Will Norris, did you see the first comment? I don’t think that’s right

  38. Posted August 6, 2008 at 12:05 pm | Permalink

    [quote comment=”22962”]

    Will Norris, did you see the first comment? I don’t think that’s right

    [/quote] ahh… I misunderstood the problem. Now I see.

  39. Posted August 6, 2008 at 12:48 pm | Permalink

    If you try to post same text via livejournal, everything will be ok ;)

  40. Posted August 6, 2008 at 1:10 pm | Permalink

    @bobrik: found the problem and applied patch in SVN.

  41. Posted August 6, 2008 at 2:55 pm | Permalink

    Thank you :) You’re making good work. I appreciate that

  42. Posted August 8, 2008 at 12:35 pm | Permalink

    @will, I have only one library & I can share my log through email. mail to mail@yeleleo.co.uk

  43. Posted August 10, 2008 at 10:02 am | Permalink

    Hello! I use WP v.2.6 and plugin WP-OpenID v.2.2.2 When i try to use openid (lj or myopenid.com) i see this error: “Unable to authenticate OpenID”. What does that mean? How can i fix it?

  44. Posted August 10, 2008 at 10:20 am | Permalink

    I try Livejournal and MyopenID.com - both time “Unable to authenticate OpenID”

  45. Posted August 11, 2008 at 12:17 pm | Permalink

    Will, is this issue still open and/or being worked? Something in the latest changelog sounded like it, so I got excited, but the problem still seems to exist.

    Thanks for your hard work on this!

  46. Posted August 11, 2008 at 12:28 pm | Permalink

    @LifeAsItComes (Kevin): well that issue certainly doesn’t exist anymore in its current form, simply because authentication requests would never have a return_to of anything in wp-admin/… all responses come back to /?openid_consumer.

  47. Posted August 11, 2008 at 12:51 pm | Permalink

    Here’s the error I get now:

    Error: OpenID assertion failed: return_to does not match return URL. Expected http://lifeasitcomes.com/, got http://lifeasitcomes.com/?action=verify

    Error: Unable to authenticate OpenID.

  48. Posted August 12, 2008 at 1:51 am | Permalink

    And what about my question?

  49. Posted August 13, 2008 at 1:20 pm | Permalink

    Will, Thanks for the plugin. This is a really important bit of infrastructure for wordpress to be receiving.

    Unfortunately, I’ve noticed that I am receiving the following error: PHP Fatal error: Too many values for format string: => 1218639686 in [my home dir]/public_html/wp-content/plugins/openid/store.php on line 441

    That comes from the interpolate function. The error arose when I clicked on the “Manage” tab on the dashboard, and it resulted in a 404.

    I’m using WP2.6. Please mail me if you want more information. Thanks!

  50. Posted August 15, 2008 at 5:59 am | Permalink

    I’m having problems with WP-OpenID 2.2.2. When I try to log in to my blog I get the following error message: “Could not discover an OpenID identity server endpoint at the url: http://djupsjobacka.com/id/basse

    I know the OpenID I used is ok, because I use it on other sites without problems. What could be wrong?

  51. Posted August 16, 2008 at 4:32 am | Permalink

    Will you add support for the avatar system for Openid?

    http://www.openvatar.com

    Thanks.

  52. Posted August 17, 2008 at 11:20 am | Permalink

    @Sebastian: I’m having the same problem. The linking only works when I point directly to the server’s location - the header s at my homepage aren’t followed.

    However, the process just completed first time when I tested posting an OpenID comment while logged out of my local mirror of my blog. Could be because it’s a local mirror, could be because I was using IE to avoid logging out of Fx, could be because I was logged out…who knows.

    I submitted a bug report about it the other day.

    (Another bug: this comment wouldn’t submit until I entered a name and e-mail!)

  53. Posted August 17, 2008 at 11:23 am | Permalink

    [quote comment=”23190”]Will you add support for the avatar system for Openid? http://www.openvatar.com [/quote] You should be able to do this pretty easily already… the get_avatar() function added in 2.5 is pluggable, and wp-openid provides a is_comment_openid() function. Using those, an openvatar plugin could be done with pretty minimal code.

  54. Posted August 19, 2008 at 4:55 am | Permalink

    With a Livejournal openID, I’m getting this problem: http://wordpress.org/support/topic/194995 which, if I correctly understand this blog post: http://sbrlabs.com/blog/?p=7540 is caused by the same lack of an XML-DOM parser that shows up as an error when I try to log-in with a Yahoo/Flickr openID. In other words, I won’t be able to use openid until PHP is upgraded or extended on my server. There’s also a javascript error because add_openid_to_comment_form gets called in every footer, but the function is included only on pages with comment forms.

  55. Posted August 24, 2008 at 3:43 am | Permalink

    I also have a bug with signin in on verisign

    but keep up the good work with OpenID and MicroID!

  56. Posted September 3, 2008 at 7:16 am | Permalink

    I use this recipe to cut down on post spam: http://docwhat.gerf.org/2007/08/rename-wp-comment-post/

    Your plugin has wp-comments-post.php hardcoded into it.

    Would it be possible to make this a configurable option so I don’t have to remember to patch your plugin every time?

    I would be fine with a ‘silent’ option that requires direct SQL access or something like that.

    Ciao!

  57. Posted September 3, 2008 at 12:18 pm | Permalink

    [quote comment=”23075”]Error: OpenID assertion failed: return_to does not match return URL. Expected http://lifeasitcomes.com/, got http://lifeasitcomes.com/?action=verify

    Error: Unable to authenticate OpenID.[/quote]

    I get the same error. This happens when trying to add OpenID URLs to an account through the profile page.

    I’ve tried pinpointing what’s wrong, but I’m in the dark since I don’t know enough about the standard.

    What I found is that parameters are missing when they are being checked for in _verifyReturnToArgs (Auth/OpenID/Consumer.php) during the check of $bare_args = $message->getArgs(Auth_OpenID_BARE_NS);

    Hopefully this can help you in pinpointing and fixing the problem.

    /Nathan

  58. Posted September 8, 2008 at 8:33 am | Permalink

    Using it here? My OpenID self hosted provider crash out this… Testing again..

    I get this:

    “We were unable to authenticate your claimed OpenID, however you can continue to post your comment without OpenID:”

    After correctly and successfully authenticating with my OpenID at http://collantes.us/

  59. Posted September 11, 2008 at 6:11 am | Permalink

    Do you also currently face issues with the use of Yahoo!-OpenIDs?

    I can’t login with Yahoo-IDs on my WPOpenID-Installation.

  60. Ray
    Posted September 16, 2008 at 9:01 am | Permalink

    I got a question.

    If I created an account and add identify link, I can still use my chosen username.

    If I didn’t create an account and use identify link to login & create account, I will not be able to switch my user name away from identify link.

    Am I correct regard to this? Is it possible to pull first name, last name, or username from 3rd party, such as “Yahoo”.

    Thanks in advance.

  61. Posted September 16, 2008 at 2:25 pm | Permalink

    @weinschenker: I’ve not had any problems with Yahoo OpenIDs.

    @Ray: If you create an account using an OpenID, your username is generated from the OpenID you logged in with. You could then modify which OpenIDs are associated with your account, but the username can’t be changed. I’ve thought about maybe letting the user choose their username at the time of account creation, but haven’t added that in yet.

  62. Ray
    Posted September 16, 2008 at 2:45 pm | Permalink

    To allow user specify username at open id register process sounds good idea.

    I know you are busy at new version. You Rock!!!

    Thanks x 200%

    Please let me know if you need any help, but I am sure I am not as smart as u do.

  63. Posted April 1, 2009 at 6:04 am | Permalink

    still no solution?

4 Trackbacks

  1. […] wp-openid 2.2.0 released Will Norris of Vidoop has released version 2.2.0 of the OpenID plugin for WordPress. This version includes “support for Email Address to URL Transformation - now you can use an email address anywhere you normally use an OpenID.” EAUT! […]

  2. […] of the DiSo project, who happened to co-author the OAuth spec and wrote the WordPress OpenID plugin, amongst many other things.  Then by launching the email to url translation service emailtoid.net […]

  3. […] just activated the Open ID plugin for my Wordpress blog (wp-openid 2.2.0). As with the previous release, it still doesn’t work for me. I tried logging in with two […]

  4. By Cryptosmith » OpenID Delegation on WordPress on August 17, 2008 at 11:11 am

    […] The WordPress Plugin - latest version, by Will Norris […]
