Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.

[Solved] [GitHub Bug #907] OpenID broken for months

x00x00 MVP
Even on this site.

I want to draw attention to GitHub Bug #907

Many of us are reliant on openid, this seem to be a conflict with recent authentication code.

It is not to do with the lightopenid code as far as I cans see. I have used the existing version and the curl version and they both validate (some minor changes are need for shared hosting but that is expected).

I wonder if it is to do with the postback.

grep is your friend.


  • LincLinc Detroit Vanilla Staff
    I'll ping @Todd to see if he has the time to fix for .18, but sadly this may get left behind a while longer; we're stretched a bit thin. :/
  • Meanwhile I'm looking into this, if it wasn't so elusive I would have fixed it by now. I'm going to go back a few versions, becuase I don't think the plugin code has changed much.

    I recommended in the next update that you use the curl version of LightOpenID, there is no good reason to use f* based transfers. There is a little modification that makes is shared hosting friendly.

    I think the twitter, or another authenticator used curl for everything except to get the credentials, bit of a waste.

    grep is your friend.

  • Solved. See GitHub Bug #907

    Once openid is validated. It needs to be carried over the various stages. Otherwise you end up going round in circles, it can't be validated twice.

    grep is your friend.

  • @Lincoln can you put [solution] in the title. Thanks

    grep is your friend.

  • LincLinc Detroit Vanilla Staff
    edited September 2011
    Sure thing. I'll have Todd take a look tomorrow. Thanks!
Sign In or Register to comment.