WordPress 2.3 Messes Up Your OpenID Delegation

No way home
by akashgoyal

If you use your WordPress blog as an OpenID (as I do) via a link rel=’openid.delegate’ tag (that delegates to an external OpenID service) then you may be locked out of your accounts after upgrading to WordPress 2.3.x.

WordPress 2.3 introduced a new feature called URL canonicalization that turns requests to foo.com into http://www.foo.com. The justification is that it helps normalize statistics gathering in some cases (though in my experience, Google Analytics needed no such help).

If you were using an OpenID like foo.com on an OpenID ‘consumer’ site like pibb.com, then after the WP 2.3.2 upgrade you actually end up authenticating the ID http://www.foo.com (not foo.com). So you can never get back into your foo.com account at pibb.com. Got that?

Update 4:49pm:

My initial solution was this nifty one-line disable canonical redirects plugin from Mark Jaquith. Simply drop that in your WP plugins and enable it and you’ll no longer suffer URL canonicalization. But a simpler approach was to simply set the blog URL to http://meme-rocket.com in general options. Now I’m redirecting http://www.meme-rocket.com to meme-rocket.com and all’s well.
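The lockout and the blog-URL fix described above, as an added example (not code from the original post or from WordPress): an OpenID consumer takes the URL it lands on after following redirects as the claimed identifier, so the canonical redirect changes the key used to look up the account. The redirect maps and the account table are constructed stand-ins for real HTTP responses and a real consumer's user store.

```python
from urllib.parse import urlsplit, urlunsplit

def normalize(user_input):
    """Turn what the user types into a URL identifier: add a scheme,
    lowercase scheme and host, and use "/" for an empty path."""
    if "://" not in user_input:
        user_input = "http://" + user_input
    p = urlsplit(user_input)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def claimed_identifier(user_input, redirects, max_hops=5):
    """Follow redirects from the normalized input; the final URL is the
    identifier the consumer records. `redirects` is a constructed map
    standing in for the blog's HTTP redirect responses."""
    url = normalize(user_input)
    for _ in range(max_hops):
        if url not in redirects:
            return url
        url = redirects[url]
    raise RuntimeError("redirect loop or too many hops")

# Constructed consumer-side account table, keyed by claimed identifier.
# The account was created before the upgrade, when foo.com did not redirect.
ACCOUNTS = {"http://foo.com/": "existing account"}

# Constructed redirect behaviour of the blog in three configurations.
BEFORE_UPGRADE = {}                                          # no canonical redirect
WP23_WWW_BLOG_URL = {"http://foo.com/": "http://www.foo.com/"}   # blog URL has www
WP23_BARE_BLOG_URL = {"http://www.foo.com/": "http://foo.com/"}  # blog URL without www

def login(user_input, redirects):
    """Return (claimed identifier, matching account or None)."""
    cid = claimed_identifier(user_input, redirects)
    return cid, ACCOUNTS.get(cid)

if __name__ == "__main__":
    for name, cfg in [("before upgrade", BEFORE_UPGRADE),
                      ("2.3, www blog URL", WP23_WWW_BLOG_URL),
                      ("2.3, bare blog URL", WP23_BARE_BLOG_URL)]:
        print(name, "->", login("foo.com", cfg))
```

With the blog URL set to the bare host, both foo.com and www.foo.com resolve to the identifier the account was created under.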


One Response to WordPress 2.3 Messes Up Your OpenID Delegation

  1. Mark Jaquith says:

    Another solution would be changing your Blog URL to http://foo.com in the WP General Options panel. The canonical redirects obey the yes-www or no-www preference specified in the URL. That way your blog URL will match your OpenID URL. Cheers!
