1

Yahoo OpenId 2.0 not redirecting

I am using DotNetOpenAuth library to handle the Relying Party aspects of authenticating with Yahoo OpenId, and in short this morning Yahoo! does not redirect the user back to the relying party. The behavior we are seeing is that the user successfully authenticates with yahoo, and is passed into yahoo's home page instead of redirecting back to the specified redirect uri.

The base uri that we use to discover the Identity Provider is 'https://me.yahoo.com/' which returns to us the Identity Provider OpenId endpoint of : 'https://open.login.yahooapis.com/openid/op/auth'

by
9 Replies
  • Additionally, the url address bar on the Yahoo Login page reads 'https://login.yahoo.com' without any query parameters. Before the behavior was such that the various claims and redirect uri were carried through to this page.

    0
  • More context: Adding an extension for MaximumAuthenticationAge is what causes the issue. We are attempting to require a login every time the user comes to our website. I removed that bit of code and authentication works fine.

    0
  • If we leave off the query parameters:

    'openid.ns.pape', 'openid.pape.max_auth_age' 'openId.pape.preferred_auth_policies'

    it works fine. The unwanted side effect of this is that the user no longer is forced to enter credentials. Is this something that is planned to be fixed?

    0
  • We are seeing this exact same issue. We noticed the problem at 5:45 am Eastern. Does anyone know of a way to escalate these issues to yahoo other then this forum?

    1
  • I've been trying to fine one all day. I have not found it yet!

    0
  • +1 more site having this issue in case anyone at Yahoo is reading this. Turning off re-authentication is a huge problem especially given the advice given here -

    http://developer.yahoo.com/forum/OpenID-General-Discussion/Forcing-Login/1273274405000-67695d57-8b47-37d6-81c9-c42c1be8ba1e

    0
  • I by no means think this is a permanent fix but I have a work around that is pretty terrible yet still works.

    We do all the authentication in a popup invoked from javascript. I hook the window.onload event from the window object returned by window.open with a target of '_blank' and sent that windows location to 'https://login.yahoo.com/config/login?logout=1'.

    This logs the user out, and then in the onload function i set the window.location to my RP's openId login workflow.

    This is a terrible work around, and I by no means think this is good or a long term solution, but until Yahoo gets their s*** together I had to do something.

    0
  • Looks like this issue has been corrected.

    0
  • Yahoo not authenticating mail sent from Outlook for Mac.

    0

Recent Posts

in OpenID General Discussion