从 Core 中移除 Yahoo 登录，并弃用 OpenID 2.0

This week we will be removing support for Yahoo logins from Discourse.

Why?

1. It gets very little use. Across sites we manage, less than 0.3% of social login attempts are performed using Yahoo

2. It is the last provider using the OpenID2.0 specification, which has been declared obsolete by the OpenID foundation. It does not have the same security features as OAuth2 / OpenID Connect.

What about users that have already registered using Yahoo?

They can log in with email, log in with another social provider (with a matching email), or use the ‘Reset Password’ button.

But I still want Yahoo login on my forum!

No problem! You can use Yahoo’s OpenID Connect implementation with our OpenID Connect plugin. I’ve added some Yahoo specific instructions to the OpenID Connect setup instructions.

I use OpenID 2.0 in one of my plugins

For now they will continue to work, but will log a deprecation notice. Support will be removed in the next major release. You should look into migrating to a more modern authentication protocol. Our basic OAuth2 and OpenID Connect plugins should be flexible enough for most requirements.

随着下一个版本即将发布，Discourse 核心已移除了对旧版 OpenID 2.0 的支持。该功能既未被核心使用，也未被任何官方插件使用，且弃用通知自 2019 年 4 月就已发布。

以防有人尚未看到弃用通知，包含账户关联的数据库表尚未被删除。任何通过 ActiveRecord 访问该表的尝试都将抛出异常。该表将在 v2.5 版本之前被删除。