Yahoo now has OpenID for ... (18 Mar 2008)
Yahoo now has OpenID for all its accounts, which is great. Wonderful in fact. OpenID is a good thing for many authentication needs on the Internet and will make the world a better place.
However,...
- SHA256 isn't supported, only SHA1. It's true that the standard doesn't require it, but this still gets you lots of crapness points.
- The return_to is filtered. Probably someone here had good intentions, but I can redirect a browser to any URL, so filtering the return_to is pointless and overly restrictive. Specifically, it appears that:
- You can't have a port number in the host
- You can't have an IP address for a host
- You can't have a single element hostname (like localhost) So, more crapness points for Yahoo.