Iframe auth broken: yahoo sends double HTTP 302 (was working before)

Hello everyone!

I searched the forums and apparently nobody noticed yet: authentication performed via iframe seems to be broken from today.
I don't have a simple page, but a MochaUI platform (web destop) app which loads OpenID auth into virtual windows via iframe.
I tested even with a simple page like...

<iframe src ="https://open.login.yahooapis.com/openid/op/auth?... ">
<p>Your browser does not support iframes.</p>

The 302 headers cause the whole page to refresh diverting users to yahoo.com.

Does anyone know how to solve this, or can anyone of the Yahoo team restore it as it was before?

Thank you.

1 Reply
  • I just saw in the openID 2.0 specs that following the redirects is part of the normalization phase which is part of the consumer's job.
    Hence, please ignore the post.

    Thank you.

Recent Posts

in OpenID General Discussion