I am using DotNetOpenAuth library to handle the Relying Party aspects of authenticating with Yahoo OpenId, and in short this morning Yahoo! does not redirect the user back to the relying party. The behavior we are seeing is that the user successfully authenticates with yahoo, and is passed into yahoo's home page instead of redirecting back to the specified redirect uri.
Additionally, the url address bar on the Yahoo Login page reads 'https://login.yahoo.com' without any query parameters. Before the behavior was such that the various claims and redirect uri were carried through to this page.
More context: Adding an extension for MaximumAuthenticationAge is what causes the issue. We are attempting to require a login every time the user comes to our website. I removed that bit of code and authentication works fine.
I by no means think this is a permanent fix but I have a work around that is pretty terrible yet still works.
This logs the user out, and then in the onload function i set the window.location to my RP's openId login workflow.
This is a terrible work around, and I by no means think this is good or a long term solution, but until Yahoo gets their s*** together I had to do something.