wp-openid 2.2.0 released
I’ve just released version 2.2.0 of the OpenID plugin for WordPress. Notable additions in this version:
- POST replay for comments - this should fix all the compatibility issues with other comment related plugins like reCaptcha.
- MUCH better memory usage - like no longer needlessly building a 2MB object on every page load!
- support for Email Address to URL Transformation - now you can use an email address anywhere you normally use an OpenID
- fixed OpenID Spoofing vulnerability - users’ profile URLs must match one of their OpenIDs
- using hooks for gathering user data - other plugins can now hook in and gather user info from FOAF, hCard, whatever
- If OpenID authentication fails for whatever reason, the user is given the opportunity to submit their comment without OpenID
- lots of little fixes, code refactoring and cleanup, and a lot of UI tweaks
Download at http://wordpress.org/extend/plugins/openid/.
I tested pretty thoroughly on WordPress 2.2 through 2.6 using PHP5. I’m fairly certain I didn’t break PHP4, but let me know if you find any problems.
With this out the door, I’ll be jumping right into my feature list for the next major release – adding a native OpenID Server and delegation capabilities. At that point, it should be able to handle all of your OpenID related needs.
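The rule behind the spoofing fix listed above (a profile URL must match one of the user's OpenIDs) can be sketched as follows. This is an added example, not code from wp-openid; the function names, the sample identifiers and the normalization choices are assumptions.

```php
<?php
// Added example, not wp-openid code. Function names and sample values are hypothetical.

// Reduce a user-supplied URL to a comparable form; return null if it cannot be an identifier.
function normalize_identifier(string $url): ?string
{
    $url = trim($url);
    if ($url === '') {
        return null;
    }
    if (!preg_match('#^https?://#i', $url)) {
        $url = 'http://' . $url;          // a bare host name is treated as http
    }
    $p = parse_url($url);
    if ($p === false || empty($p['host']) || isset($p['user'])) {
        return null;                      // reject unparseable URLs and userinfo tricks
    }
    $out = strtolower($p['scheme']) . '://' . strtolower($p['host']);
    if (isset($p['port'])) {
        $out .= ':' . $p['port'];
    }
    $out .= $p['path'] ?? '/';            // empty path becomes "/"
    if (isset($p['query'])) {
        $out .= '?' . $p['query'];
    }
    return $out;                          // fragment is dropped
}

// A profile URL is accepted only if it equals one of the OpenIDs the account has verified.
function profile_url_allowed(string $profileUrl, array $verifiedOpenids): bool
{
    $candidate = normalize_identifier($profileUrl);
    if ($candidate === null) {
        return false;
    }
    foreach ($verifiedOpenids as $id) {
        if (normalize_identifier($id) === $candidate) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: one verified OpenID, three candidate profile URLs.
$mine = ['http://alice.example.com/'];
foreach (['Alice.Example.com', 'https://alice.example.com/', 'http://bob.example.com/'] as $url) {
    printf("%-28s %s\n", $url, profile_url_allowed($url, $mine) ? 'accepted' : 'rejected');
}
```

The http and https forms of a URL are kept distinct on purpose, since they are different OpenID identifiers.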
Comments and responses
Hey Will,
the plugin doesn’t work for me. Like in older versions I still get the following error when I try to connect my OpenID to my account:
Error: OpenID assertion failed: Server denied check_authentication
I use my OpenID everywhere I can - other Relying Parties don’t seem to have any problems with the check_authentication requests.
Bye, Dennis
@Dennis: do you have big integer support on your server? On the WP-OpenID config page, click “Toggle More/Less” and look for red failures
@Chris: not sure why your comment doesn’t show as having been OpenID authenticated… did it take you through the EAUT flow? I just tried and it seemed to work okay.
Heya Will!
Looks like something is broken in either the OpenID library or in WP-OpenID. I get this error message on my test system:
Could not discover an OpenID identity server endpoint at the url: docwhat.gerf.org
When I updated to 2.20 most of my patches to OpenID fell out. I assume this is a good thing. If you recall, I had patches to fix the web page parsing.
The old findHTML() function seems to be gone, so I assume that they aren’t needed anymore?
I can see that it does (two?) fetches of docwhat.gerf.org. But I don’t seem to be able to figure out where in the parsing it fails. :-(
Others seem to be having trouble too: http://wordpress.org/support/topic/191523
@Dennis:
- Click Settings
- Click WP-OpenID
- Above the words “WP-OpenID Registration Options” there is a box. It says “Status Information”
- Click on “toggle more/less”
- Below the line about “library: BCMath” there may be a line about “Loaded long integer library”. If there is and it says “FAIL” then report that. If the line doesn’t exist, then it is OK.
@Will: You may want to make that line appear even if it’s OK. It is confusing otherwise.
Ciao!
When I try to add my OpenID to my user account in WP 2.6, I get:
Error: OpenID assertion failed: BAD_REQUEST
I checked the settings, nothing red.
Any ideas? I’m delegating to verisign labs. Haven’t had problems with DOPPLR or identi.ca.
Also, in posting this comment here, I got a “We were unable to authenticate your claimed OpenID, however you can continue to post your comment without OpenID”.
@Christian: your server is returning an HTTP 400 to the request made by the openid library. The exact request (which reproduces the 400 over telnet) is:
GET / HTTP/1.1
Range: bytes=0-1048576
User-Agent: php-openid/2.1.0 (php/5.2.5) curl/7.16.3
Host: docwhat.gerf.org
Accept: application/xrds+xml, text/html; q=0.3, application/xhtml+xml; 0.5
Sidenote: Hey Will what do you think about making it easier to provide you with debugging information, and a better diagnostic dashboard for folks who are trying to figure out what (or where) things are going wrong?
It seems to me that the current UI might be a little hard to get to or make use of… It might also be useful to add a link to a Satisfaction site for support – or to the wordpress.org support page.
Thoughts?
[quote comment=“22568”]@Christian: your server is returning an HTTP 400 to the request made by the openid library. [/quote]
It appears that Bad Behavior is catching the openid request as something bad.
It appears that it doesn’t like the range header, which is a bit odd…
I’ll see if I can do something about having Bad Behavior block those, but probably not sending a “range” header is probably a good idea.
Meanwhile, I submitted a patch to the author of bad-behavior to allow php-openid clients to use range, as well.
Ciao!
@TheDoctorWhat Thanks for your advice. I installed the latest version of the plugin (2.2.1) and verified that everything on the plugin side is okay; the line reads the following:
[OK] Big Integer support: GMP is installed.
Unfortunately it still doesn’t work. I guess it would be good to pick up Chris’ idea, so I can find out and provide more information about what’s going wrong.
Have a nice weekend, Dennis
Since upgrading, the wp-openid doesn’t seem to handle openid redirects. I get the following error:
Could not discover an OpenID identity server endpoint at the url: toph.ca
Any idea on what is going on?
Email to ID has its specification. Email Address to URL Translation (EAUT for short) is an open protocol for transforming email addresses into URLs so that they can be used with services such as OpenID.
Email Address to URL Transformation (EAUT) defines a mechanism for transforming the "addr-spec" portion of an RFC2822 email address into an associated URL. The transform options outlined in this document are designed to be flexible enough such that every DNS domain-owner can specify unlimited email address to URL transformations that services can easily discover and utilize in their URL-based transactions.
The principle is simple:
- First, the EAUT Discovery Endpoint URL is determined. For the email address matthias@pfefferle.org, the URL would be pfefferle.org.
- Next, the URL is searched for Discovered Information (XRDS-Simple).
- If information is available, the email address is mapped according to its rules.
- If there is no suitable XRDS-Simple data, mappers such as Email to ID are recommended.
Anyone interested in exactly which steps are carried out, or in whether their own email provider supports such a mapping, can test their email address here (example: matthias@pfefferle.org).
Examples in the wild
The first service to implement the Email Address to URL Translation specification is Ma.gnolia.com:
Just wanted to let everyone know that we just deployed EAUT support over at Ma.gnolia (http://ma.gnolia.com). You can now type in your email address in the OpenID field and we'll resolve using EAUT with https://web.archive.org/web/20080929085748/http://emailtoid.net/ as the default.
Will Norris has also implemented EAUT in his OpenID WordPress plugin (version 2.2.0).
My problem with OpenID 2.2.1 here
http://forum.maxsite.org/viewtopic.php?pid=29993#p29993
but OpenID 2.1.9 works good
Update: when I tried to use my livejournal.com OpenID here to comment on your blog, I got just the same :))
“Error: please fill the required fields (name, email).”
something wrong in your new versions…
Does your EAUT implementation fall back nicely to the existing way we do email-as-openID? Does it have a last-resort-emailtoid checkbox we can turn on?
Testing the answer to my first question in the comment… heh
EAUT fail - it did not accept my http://singpolyma@singpolma.net like and OpenID 2 compliant impl’s do.
Trying with my normal openid
[quote comment="22738"]Stephen, you seem to be running into the same problem as DocWhat above… Bad Behavior is causing a HTTP 400 when php-openid requests your XRDS document.[/quote]
Any chance of removing the RANGE portion of the request? Why is it there in the first place?
I’ve posted to the WordPress Forums as well as the JanRain dev mailing list, so we’ll see what people have to say. My thinking on the matter:
- it’s a valid http request, so Bad Behavior should allow it, regardless
- I don’t want to ship a modified version of the JanRain library if I can at all keep from it
- I will ship a modified version of the library if we need to, but I want some more information before doing so
Will: I saw your email on the openid list. I didn't realize it was in the openid library itself.
I already submitted a request to bad-behavior to not block the UA php-openid. Range seems like an odd thing to filter on, though. :-/
I don't know which is in the 'wrong' because I don't know enough about either situation.
Hi, I have troubles with openid.pl. When I entered my OpenID address at openid.pl I received an error: “The Request that you have attempted does not meet the OpenID protocol standard - please contact the host administrator of your site to advise them of this situation.”
myopenid.com for example works fine. Can you check or add the openid.pl?
I am getting this error
Fatal error: Call to a member function finish_openid_auth() on a non-object in /home/danesh/domains/thedaneshproject.com/public_html/wp-content/plugins/defensio-anti-spam/defensio.php on line 619
Please advise
I installed v2.2.1 (on WP 2.4.1), and no longer seem to be able to post comments when your plugin is activated. I get the following error when wp-comments-post.php runs:
You must submit a comment using the comment form.
I checked the plugin’s status info, which displays a failure for Big Integer support:
[FAIL] Big Integer support: The OpenID Library is operating in Dumb Mode. Recommend installing GMP support.
Are there any workarounds I could apply? Comments can be posted if I turn off openid, but of course that means no openid support for my site.
Thanks in advance!
Hey, Will! I have a problem with this plug-in. This is the message that I have:
Plugin could not be activated because it triggered a fatal error.
At the same time the plug-in status is activated, but there are two more messages after an attempt to log in using OpenID:
Warning: constant(): Couldn't find constant PEAR_LOG_WARNING in /home/www/yeleleo.co.uk/blog/wp-content/plugins/openid/core.php on line 58
Fatal error: Call to a member function on a non-object in /home/www/yeleleo.co.uk/blog/wp-content/plugins/openid/core.php on line 59
Please help me to fix this problem.. Blog here http://yeleleo.co.uk/blog/ Thanks!
[quote comment=“22962”]
Will Norris, did you see first comment? I don’t think that’s right
[/quote]
ahh… I misunderstood the problem. Now I see.
Will, is this issue still open and/or being worked? Something in the latest changelog sounded like it, so I got excited, but the problem still seems to exist.
Thanks for your hard work on this!
Here’s the error I get now:
Error: OpenID assertion failed: return_to does not match return URL. Expected http://lifeasitcomes.com/, got http://lifeasitcomes.com/?action=verify
Error: Unable to authenticate OpenID.
Will, Thanks for the plugin. This is a really important bit of infrastructure for wordpress to be receiving.
Unfortunately, I’ve noticed that I am receiving the following error: PHP Fatal error: Too many values for format string: => 1218639686 in [my home dir]/public_html/wp-content/plugins/openid/store.php on line 441
That comes from the interpolate function. The error arose when I clicked on the “Manage” tab on the dashboard, and it resulted in a 404.
I’m using WP2.6. Please mail me if you want more information. Thanks!
I’m having problems with WP-OpenID 2.2.2. When I try to log in to my blog I get the following error message: “Could not discover an OpenID identity server endpoint at the url: http://djupsjobacka.com/id/basse”
I know the OpenID I used is ok, because I use it on other sites without problems. What could be wrong?
Will you add support for the avatar system for Openid?
http://www.openvatar.com
Thanks.
@Sebastian: I’m having the same problem. The linking only works when I point directly to the server’s location - the header s at my homepage aren’t followed.
However, the process just completed first time when I tested posting an OpenID comment while logged out of my local mirror of my blog. Could be because it’s a local mirror, could be because I was using IE to avoid logging out of Fx, could be because I was logged out…who knows.
I submitted a bug report about it the other day.
(Another bug: this comment wouldn’t submit until I entered a name and e-mail!)
I also have a bug with signing in on verisign
but keep up the good work with OpenID and MicroID!
I use this recipe to cut down on post spam: http://docwhat.gerf.org/2007/08/rename-wp-comment-post/
Your plugin has wp-comments-post.php hardcoded into it.
Would it be possible to make this a configurable option so I don’t have to remember to patch your plugin every time?
I would be fine with a ‘silent’ option that requires direct SQL access or something like that.
Ciao!
[quote comment=“23075”]Error: OpenID assertion failed: return_to does not match return URL. Expected http://lifeasitcomes.com/, got http://lifeasitcomes.com/?action=verify
Error: Unable to authenticate OpenID.[/quote]
I get the same error. This happens when trying to add OpenID URLs to an account through the profile page.
I’ve tried pinpointing what’s wrong, but I’m in the dark since I don’t know enough about the standard.
What I found is that parameters are missing when they are being checked for in _verifyReturnToArgs (Auth/OpenID/Consumer.php) during the check of $bare_args = $message->getArgs(Auth_OpenID_BARE_NS);
Hopefully this can help you in pinpointing and fixing the problem.
/Nathan
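The check that produces this error, as an added example (not the JanRain library's code): OpenID Authentication 2.0 requires the return_to value in the response to match the URL the response arrived at in scheme, authority and path, and every query parameter of return_to to be present there with the same value. The function name is hypothetical; the URLs are the two from the error message, and which of them is the return_to value is an assumption.

```php
<?php
// Added example, not php-openid code. return_to_matches() is a hypothetical name.

// Returns [bool $ok, string $reason].
function return_to_matches(string $returnTo, string $requestUrl): array
{
    $rt  = parse_url($returnTo);
    $req = parse_url($requestUrl);
    if ($rt === false || $req === false) {
        return [false, 'unparseable URL'];
    }

    // Scheme, authority and path must be the same in both URLs.
    foreach (['scheme', 'host', 'port', 'path'] as $part) {
        $a = (string) ($rt[$part] ?? '');
        $b = (string) ($req[$part] ?? '');
        if ($part === 'scheme' || $part === 'host') {
            $a = strtolower($a);          // these two parts are case-insensitive
            $b = strtolower($b);
        }
        if ($a !== $b) {
            return [false, "$part differs: '$a' vs '$b'"];
        }
    }

    // Every query parameter of return_to must reach the relying party unchanged.
    // Extra parameters on the request (the openid.* response fields) are allowed.
    parse_str($rt['query'] ?? '', $rtArgs);
    parse_str($req['query'] ?? '', $reqArgs);
    foreach ($rtArgs as $name => $value) {
        if (!array_key_exists($name, $reqArgs)) {
            return [false, "parameter '$name' from return_to is missing from the request"];
        }
        if ($reqArgs[$name] !== $value) {
            return [false, "parameter '$name' has a different value"];
        }
    }
    return [true, 'ok'];
}

// Assumed reading of the error: return_to carries action=verify, the URL the
// plugin computed for the current request does not.
var_dump(return_to_matches('http://lifeasitcomes.com/?action=verify', 'http://lifeasitcomes.com/'));
// Constructed passing case: the request URL keeps the return_to parameter.
var_dump(return_to_matches('http://lifeasitcomes.com/?action=verify',
    'http://lifeasitcomes.com/?action=verify&openid.mode=id_res'));
```

A mismatch of this kind usually means the relying party reconstructed its own request URL without the query string, for example behind a rewrite rule or proxy, rather than that the provider changed anything.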
Using it here? My OpenID self hosted provider crash out this… Testing again..
I get this:
“We were unable to authenticate your claimed OpenID, however you can continue to post your comment without OpenID:”
After correctly and successfully authenticating with my OpenID at http://collantes.us/
Do you also currently face issues with the use of Yahoo!-OpenIDs?
I can’t login with Yahoo-IDs on my WPOpenID-Installation.
I got a question.
If I created an account and add identify link, I can still use my chosen username.
If I didn’t create an account and use identify link to login & create account, I will not be able to switch my user name away from identify link.
Am I correct regard to this? Is it possible to pull first name, last name, or username from 3rd party, such as “Yahoo”.
Thanks in advance.
@weinschenker: I’ve not had any problems with Yahoo OpenIDs.
@Ray: If you create an account using an OpenID, your username is generated from the OpenID you logged in with. You could then modify which OpenIDs are associated with your account, but the username can’t be changed. I’ve thought about maybe letting the user choose their username at the time of account creation, but haven’t added that in yet.
To allow user specify username at open id register process sounds good idea.
I know you are busy at new version. You Rock!!!
Thanks x 200%
Please let me know if you need any help, but I am sure I am not as smart as u do.