• Welcome to Simple Machines Community Forum. Please login or sign up.
January 17, 2022, 06:12:47 PM

News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord


[GH#151] OpenID 2.0 support

Started by beda, April 12, 2012, 07:14:20 AM

Previous topic - Next topic

beda

April 12, 2012, 07:14:20 AM Last Edit: June 14, 2014, 08:36:20 AM by Antes
Hi everybody,

as of now, SMF does not support OpenID 2.0 very well. One of the missing features is the ability to handle claimed_id returned by the OpenID provider. This means for instance that if an OpenID provider reregisters an identifier after it was removed by the original user, the second owner of the identifier would be able to access accounts registered for the original user (claimed_id resolves this by assigning a different claimed_id to subsequent users). It also makes it impossible to provide OpenID login without the user typing in the identifier first.
Because we depend on this feature in MojeID (hxxp:www.mojeid.cz, an OpenID service run by the Czech domain registry), we decided to create a patch that would improve handling of OpenID 2.0.
I am attaching the patch to this post. It is made against the 2.0.2 release. I also attach a short description of the changes introduced by this patch.

Best regards
Beda

p.s. - Please point me in the right direction in case there is a better place to post this patch.

Aleksi "Lex" Kilpinen

Hi, and welcome to SMF :)

I'm sure this is a perfectly good place to post this, if you concider this a bug in the original 2.0 implementation of OpenID.
A Finnish Project Manager (Support Specialist)
 Happily running multiple SMF 2.x installations.
  Fooling around with i7-10700 @ 2,90GHz-4.80GHz / 16Gb / RTX-2070 Super / 3840x2160 / Win 10 x64


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Armada

That's great.

How would this patch be applied to an existing 2.02 install?
--- SMF Rocks even more than YabbSE---

Joshua Dickerson

beda, thanks for the patch. I'd like to point you to the SMF 2.1 Github repository - https://github.com/SimpleMachines/SMF2.1
Come work with me at Promenade Group



Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?

Antes


Advertisement: