Testing OpenID authentication

โ€”

by

in

This entry is for testing OpenID authentication. If you have an OpenID, try it out here.

If you do not have an OpenID, you will still need to fill out the Name and Email fields. The Website field (even though it has the OpenID label) remains optional.

If you’re not sure if you have an OpenID, check out this big list of providers, which includes LiveJournal, WordPress.com, TypeKey, Technorati, and many others.

If you do have an OpenID, the only required field is Website. In this case, Name and Email become optional.

Update (30-Aug-2007): I have closed comments for this entry.

Jump to the comment form, or read detailed instructions:

  1. The OpenID in the Website field needs to be in a URL format. For example, if you’re a LiveJournal user the format would be username.livejournal.com, where username is the name of your blog. The http:// at the beginning is optional.
  2. Enter something in the Comment textarea, then hit the “Post” button.
  3. You should be taken to your OpenID provider’s site to authenticate (unless you had previously authenticated as “Yes, all the time”). Hit either the “Yes, allow once” or the “Yes, always allow” button.
  4. If you have time, feel free to test out “No, deny” authentication, which should not post your comment. Also feel free to test “Preview” before hitting “Post” to submit a comment in step 2, as well as the both authentication choices mentioned in step 3. Remember that “Yes, always allow” means that you won’t need to revisit your provider’s authentication page again (unless you reset the state on your provider’s site).
  5. Whatever your choice, you should be returned to the article (single post) page.

Notes:

  • This should still work even if your OpenID is a placeholder site. For example, a blog with no entries, such as those at LiveJournal used for lurking. ๐Ÿ˜‰ There’s the possibility of manual spamming, but that already existed before having OpenID authentication anyhow.
  • If you leave the Name field empty, Anonymous will be displayed for your name.
  • If you’re willing, please let me know (in the comments) if you’re OpenID is delegated, and how so (e.g., manual editing of head elements, a blog plugin, etc.). Ignore this if you don’t know what I mean.
  • I have disabled User Registration and logins on this site (except for myself, of course). However, the plugin I use for OpenID authentication (WP-OpenID+) does autogenerate a WordPress account (Subscriber level) based on your OpenID.
  • Yes, I know the layout needs cleanup. ๐Ÿ™‚

Comments

14 responses to “Testing OpenID authentication”

  1. So much for open commenting? Ah well.

  2. Test via LJ

  3. Oops, mistyped my LJ name.

  4. I have a vague idea that I have an OpenID server running on my server, but I no longer remember where it is and don’t have time to go look for it.

    Wanted to mention that I found the process/flow here mildly confusing. In my first comment, I typed in info, clicked Preview, saw no indication that OpenID was involved, clicked Post, and got a quasi-CAPTCHA; typed in the letters and number, and the post went up without any OpenID authentication (because I’d mistyped my LJ URL). In my second comment, I typed in info, clicked Preview, saw no indication that OpenID was involved, clicked Post, and got LJ auth. All of that behavior in both cases was perfectly reasonable from the computer’s point of view; I’m just saying that until the OpenID auth page came up or didn’t come up, I didn’t have any way of telling whether I was doing it right.

    I’m not sure there’s a way around that, though, given that at the time of Preview, there’s no way to know whether the OpenID auth will succeed, or even whether the commenter is trying to OpenID authenticate….

    Btw, I also tried the “No” option when LJ asked me to authenticate, and I got redirected to some kind of WordPress login page, which was a little confusing.

    –jed

  5. Test test test

  6. Testing comment without Login Stayput. Let’s see if I’ll be returned directly to this page after authentication…

  7. Hm, interesting. I was directed back here. Ah, wait, I need to test “No” in the LJ auth page.

  8. Okay, I was able to reproduce the WP login page issue Jed saw when responding “No” to the LJ auth form. The trick is that I first had to remove the WP user acct that was created back in comment 8 (oops). Now, let’s see if it also occurs when Login Stayput is turned ON. (But first, remove this acct beforehand, again.)

  9. Testing “No” response to LJ auth, with Login Stayput activated. Results: The WP login page still appears (with the message, ” OpenID Verification Cancelled.”), in spite of this plugin. Drat! So perhaps it is a bug between WP and the WP-OpenID+ plugin am using.