Hi everybody,
as of now, SMF does not support OpenID 2.0 very well. One of the missing features is the ability to handle claimed_id returned by the OpenID provider. This means for instance that if an OpenID provider reregisters an identifier after it was removed by the original user, the second owner of the identifier would be able to access accounts registered for the original user (claimed_id resolves this by assigning a different claimed_id to subsequent users). It also makes it impossible to provide OpenID login without the user typing in the identifier first.
Because we depend on this feature in MojeID (hxxp:www.mojeid.cz, an OpenID service run by the Czech domain registry), we decided to create a patch that would improve handling of OpenID 2.0.
I am attaching the patch to this post. It is made against the 2.0.2 release. I also attach a short description of the changes introduced by this patch.
Best regards
Beda
p.s. - Please point me in the right direction in case there is a better place to post this patch.
Hi, and welcome to SMF :)
I'm sure this is a perfectly good place to post this, if you concider this a bug in the original 2.0 implementation of OpenID.
That's great.
How would this patch be applied to an existing 2.02 install?
beda, thanks for the patch. I'd like to point you to the SMF 2.1 Github repository - https://github.com/SimpleMachines/SMF2.1
Please track here: https://github.com/SimpleMachines/SMF2.1/issues/151