OpenIdAuthenticator plugin fails

We have added CSRF protection to the OpenIDAuthenticator. That means that it sets the callback URL to https://your.forum/auth/openid/callback?state=xxxxxxxxx (where xxxxx is randomly generated). The OpenID provider needs to redirect back to exactly that same URL. In theory this should work fine, and worked without changes on the one “official” OpenID integration (Yahoo).

Note that “OpenID 2.0” has been declared obsolete, and it’s very likely we will remove it from Discourse soon. The best thing would be to move to a more modern specification like OpenID Connect.

It looks like mojeID supports this new standard, so you could try the OpenID Connect Authentication Plugin.

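An added example (not Discourse's code and not part of the original post) of the state check described above, showing why a provider that redirects to the bare callback URL fails it. The session hash, the function names and the provider responses are assumptions constructed for illustration.

```ruby
require "securerandom"
require "uri"
require "digest"

CALLBACK = "https://your.forum/auth/openid/callback" # callback URL from the post

# Compare two strings without leaking where they differ (hash, then XOR-fold).
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Login start: mint a random state, store it in the user's session, and put
# it in the callback URL that is handed to the OpenID provider.
def begin_login(session)
  session[:openid_state] = SecureRandom.hex(16)
  uri = URI(CALLBACK)
  uri.query = URI.encode_www_form(state: session[:openid_state])
  uri.to_s
end

# Callback: accept only when the returned state matches the stored one.
# The stored value is deleted on first use, so a replayed callback fails.
def verify_callback(session, returned_url)
  expected = session.delete(:openid_state)
  got = URI.decode_www_form(URI(returned_url).query.to_s).to_h["state"]
  return :missing_state if expected.nil? || got.nil?
  secure_equal?(got, expected) ? :ok : :state_mismatch
end

if __FILE__ == $0
  # Constructed provider responses, not captured traffic.
  s = {}
  url = begin_login(s)
  puts verify_callback(s, url + "&openid.mode=id_res") # provider kept the query
  puts verify_callback(s, url)                         # replay of a used state
  s = {}
  begin_login(s)
  puts verify_callback(s, CALLBACK)                    # provider dropped ?state=
  s = {}
  begin_login(s)
  puts verify_callback(s, CALLBACK + "?state=" + "0" * 32) # state from elsewhere
end
```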