wordpress.com openid endpoint does not sign SReg attributes
-
Using the latest release of openid4java, attempting to retrieve SReg attributes from a wordpress.com OpenId endpoint always fails, because wordpress.com is not signing those attributes as required (or, strongly recommended?) by the spec.
The exception message is:
org.openid4java.message.MessageException: 0x100: Namespace declaration for extension http://openid.net/sreg/1.0 MUST be signed
This issue appears to be shared by Atlassian’s Crowd, gerrit, and Paypal:
https://jira.atlassian.com/browse/CWD-2707
http://code.google.com/p/gerrit/issues/detail?id=1010
http://code.google.com/p/openid4java/issues/detail?id=169Note that Google, Yahoo, and AOL all work properly with the same codebase; presumably, they are signing the attributes returned in the OpenID RP response. Until this is resolved, users of third-party sites that use openid4java that attempt to retrieve user attributes (email, name, etc) from wordpress.com will not be able to do so (the
Cheers,
– Chas
Blog url: http://chasemerick.wordpress.com/ -
Thanks for letting us know. I assume you’re using http://chasemerick.wordpress.com/ as your OpenID, is that correct?
-
Yes, that’s what I’d been using for testing (that, or http://cemerick.com, which may resolve to the same OpenID identity).
-
Hm, that may very well be the problem.
Does it work for you if you temporarily set the primary domain back to chasemerick.wordpress.com via Store -> Domains in your blog’s Dashboard?
-
No. To avoid changing any settings for the live site, I tested with another wordpress.com site that has no custom domains associated with it. I get the same error, with the result that no extended attributes are accepted by the openid4java workflow.
Good idea though!
-
The WordPress blog used as an OpenID would have to be the same as your username, so chasemerick.wordpress.com is the only one that would work in this case.
Would you be able to test that for just a quick second?
-
Nope, chasemerick.wordpress.com doesn’t work either (after taking cemerick.com off as the primary domain).
-
- The topic ‘wordpress.com openid endpoint does not sign SReg attributes’ is closed to new replies.
WordPress.com Forums 