ikiwiki/doc/forum/google_openid_broken__63__....

53 lines
2.6 KiB
Markdown

Now that google supports using thier profiles as OpenIDs, that can be used
directly to sign into ikiwiki. Just use, for example,
<http://www.google.com/profiles/joeyhess> . Tested and it works. --[[Joey]]
> This seems to work fine if you use the profile directly as an OpenID. It doesn't seem to work with delegation. From that I can see, this is a deliberate decision by Google for security reasons. See the response [here](http://groups.google.com/group/google-federated-login-api/browse_thread/thread/825067789537568c/23451a68c8b8b057?show_docid=23451a68c8b8b057). -- [[Will]]
## historical discussion
when I login via to this wiki (or ours) via Google's OpenID, I get this error:
Error: OpenID failure: no_identity_server: The provided URL doesn't declare its OpenID identity server.
Any idea how to fix this??
> Google is [doing things with openid that are not in the spec](http://googledataapis.blogspot.com/2008/10/federated-login-for-google-account.html)
> and it's not clear to me that they intend regular openid to work at all.
> What is your google openid URL so I can take a look at the data they are
> providing? --[[Joey]]
http://openid-provider.appspot.com/larrylud
> I've debugged this some and filed
> <https://rt.cpan.org/Ticket/Display.html?id=48728> on the Openid perl
> module. It's a pretty easy fix, so I hope upstream will fix it quickly.
> --[[Joey]]
>> A little more information here: I'm using that same openid provider at the moment. Note that
>> that provider isn't google - it is someone using the google API to authenticate. I normally have it
>> set up as a redirect from my home page (which means I can change providers easily).
<link rel="openid.server" href="http://openid-provider.appspot.com/will.uther">
<link rel="openid.delegate" href="http://openid-provider.appspot.com/will.uther">
>> In that mode it works (I used it to log in to make this edit). However, when I try the openid
>> URL directly, it doesn't work. I think there is something weird with re-direction. I hope this
>> isn't a more general security hole.
>> -- [[Will]]
----
So, while the above bug will probably get fixed sooner or later,
the best approach for those of you needing a google openid now is
to use gmail.
Just a note that someone has apparently figured out how to use a google
openid, and not a third-party provider either, to edit this site.
The openid is
<https://www.google.com/accounts/o8/id?id=AItOawltlTwUCL_Fr1siQn94GV65-XwQH5XSku4>
(what a mouthfull!), and I don't know who that is or how to use it since it
points to a fairly useless xml document, rather than a web page. --[[Joey]]