Unable to login with Livejournal OpenID
Unable to login with Livejournal OpenID
| Issue ID: | 2659 |
| Issue Category: | bug |
| Component: | openid |
| Priority: | normal |
| Status: | fixed |
| Assigned: | brion |
| Keywords: | livejournal |
I originally created my identi.ca account via livejournal.com OpenID.
Just now I tried to login using the OpenID. I was redirected to http://www.livejournal.com/openid/server.bml
which says
"This is an OpenID server endpoint, not a human-readable resource. For more information, see http://openid.net/."
I just checked that I was able to login to Stack Overflow using the same OpenID, so I guess it is not a problem with Livejournal.
At http://www.livejournal.com/openid/options.bml ("Sites you trust") I have listed both http://identi.ca/ and https://identi.ca/ .
Updates
#1
#2
I can confirm this error on identi.ca using brionv.livejournal.com as OpenID endpoint, in Firefox 4.0b4/Linux. (Could still be due to a change on their end, also don't know whether we're doing the redirect right or not.)
#3
WTF... ok, it looks like on the LiveJournal side this error message is output from the Net::OpenID::Server perl module, which accepts only GET requests for all but two particular request types.
Since we're sending a POST for the checkid_setup message, it doesn't see its GET parameters and rejects the message.
However... it looks like the janrain-based OpenID library we're using has been generating POST forms for this for years as well; neither bit of code looks like it's been changed in some time... so I'm not sure how this previously would have worked, unless perhaps there was a hack on LiveJournal to work around it which has since been removed.
Can probably resolve this by sending data as a GET request, though that's always a little icky it's not too awful, should be transitory and such.
(OpenID 1.1 specs checkid_setup as a GET request, but there's nothing said about it in the OpenID 2.0 spec, other than that if sending a POST, all params must be in the POST body.)
#4
Upstream bug: https://rt.cpan.org/Public/Bug/Display.html?id=42202
Fix is on 0.9.x branch, will drop it into bugfix update queue as well:
http://www.gitorious.org/statusnet/mainline/commit/961aba68fc7a03e784591...
The Net::OpenID::Server perl module that LJ uses appears to be very picky about input, and rejects most request types unless the data comes in as GET parameters (apparently following OpenID 1.1 rules, rather than OpenID 2.0 rules which permit any request to be POSTed but requires that if so, the data must all be in the POST body).
Apparently something got updated on LJ at some point that's either added that behavior or (more likely) added the OpenID 2.0 namespace info to discovery, which tells the Janrain-based OpenID libraries that they should go ahead and do POST requests instead of redirects to GET requests... thus breaking everything. ;)
GET should be just fine for both 1.1 and 2.0 though, and also saves having to sit through that lame autosubmit page.
Switched the authentication submission from checking whether it should redirect to GET or do a form POST, to simply always doing the redirect to GET.
Tested against providers:
* LiveJournal
* Google
* LaunchPad
* identi.ca
You can also subscribe to the
RSS feed for updates to this issue.