I welcome any initiative that could free us from logging in with a user name and password. I have created an account on countless websites and I have to remember all those user names and passwords. Except from being inconvenient, this is also not very safe.
The Identity Team of Mozilla Labs has recently launched BrowserID, an open source experiment to login with just two clicks. The idea is that your e-mail addresses represent your identity and that someone vouch for your ownership of it. You can read here how it works and you can try it here.
Because I like the idea and I wanted to support it, I wrote this WordPress plugin to allow logging in with BrowserID to any WordPress powered website (currently 50,899,997).
I am curious what you think about BrowserID.
When trying to login to my wordpress (using 3.3.1 on RHEL 6 with the BrowserID plugin v. 0.26 from http://wordpress.org/extend/plugins/browserid/, and Firefox Nightly) I get this error message:
Notice: Undefined variable: rememberme in /usr/share/wordpress/wp-content/plugins/browserid/browserid.php on line 281
Login failed (matej@somewhere)
Array
(
[status] => okay
[email] => matej@somewhere
[audience] => luther.somewhere
[expires] => 1330517453537
[issuer] => browserid.org
)
Any idea, what’s wrong? Also, how do I map user on WordPress (‘matej’ in this case) to the email address (‘matej@somewhere’)?
Thank you
I have replied here (I am in the process of moving over to a forum for my and your convenience).
Tried to apply BrowserID on wordpress 3.3.1 installation @ http://mwc.rottigni.net.
Click the BrowserID login button and confirm my mail, after a while I receive a Couldn’t connect to host error… what am I doing wrong?
TIA,
RP
I think your hosting server doesn’t allow a (secure) connection to browserid.org to verify the e-mail address. Is there some kind of error message? What you can do is turn on the debug mode using the plugin options so you can see some more things.
I miss the option for commenters to identify through browserid. The openID plugin offers the option to approve comments from authenticated instead of holding for moderation. Would be nice to have that for BrowserID as well?
Interesting suggestion. I will look into this. I have two questions:
The development version of BrowserID has this feature now!
we made a breaking change to the verifier on sept 29th. I believe this patch will fix it:
https://gist.github.com/1288148
cheers,
lloyd
In about two weeks I will be at home and test and release it. Is there a way to notify me ahead of this kind of changes?
I’ve applied the patch on two WordPress installations and I can confirm that it works.
Thank you for your report!
The patch removes the check for the expires time, which introduces a security leak.
Please upgrade to the just released version 0.21 of the plugin.
Hey mate, well i installed Browser ID on my website, and also used the browserID widget to put a Browser ID option for people that use my web site but i don’t seem to be able to use it but only in the login screen, any ideas?
Thanks for reporting this. Version 0.16 introduced this bug. It should be fixed in the just released version 0.19. Let me know if this is not the case.
Still same problem with 0.19 here..
Are you sure you are using version 0.19? If I look at your site I am missing the script include from browserid.org, which is the thing that was fixed by version 0.19. Are you using the widget, shortcode or template tag?
Yes, I installed version 0.19 before I tested. Was not aware the problem before it was mentioned here.
I’m using the shortcode..
I couldn’t reproduce the problem with the shortcode. Nevertheless it should be solved in the just released version 0.20
Let me know if this is not the case.
Hmm,cache is tricking me. ;(
0.19 is working. (0.20 is not available yet..)
Will this work even if wordpress users use a username to login with rather than their email? I’ve tried logging in to my own localhost using it and I just get a blank page.
Thanks,
Peter
This is what it looks like on the address bar:
http://localhost/wp/?browserid_assertion=-removed-for-privacy-reasons-&rememberme=falseYes, it should work “even if wordpress users use a username to login with rather than their email“. BrowserID is just an alternate, additional way of logging into your WordPress site.
Could you please turn on the debug mode using the settings page of the plugin and tell me if there is more info shown if you try to login?
After upgrading to the just released version 0.12 you will find ‘Site URL‘ and ‘Home URL‘ on the settings page (only in debug mode). Could you post these here?
No more info shown in debug mode when trying to login.
Site URL: http://localhost/wp (WordPress address / folder)
Home URL: http://localhost/wp (Blog address / Home page)
PHP Time: 1311226534 > 2011-07-21T05:35:34+00:00
Assertion valid until: > 1970-01-01T00:00:00+00:00
PHP audience: localhost
JS audience: localhost
Unfortunately, but I see from the info you have sent that the assertion doesn’t arrive at the plugin for some reason (the assertion contains the proof that the e-mail address is yours).
Could your please try to change the URL with the assertion (of the blank page) by removing /wp from it and see what happens? It should look like
http://localhost/?browserid_assertion=....You are running the plugin on a local installation. Does this installation have access to the internet? Is SSL setup?
It appears, after removing /wp, that it works as it sent me to an index.html file (localhost/index.html). So, having wordpress in a subfolder and not the root appears to be the problem. I use my localhost for testing before putting it on my webhost provider live. On my live site, wordpress is in such a subfolder.
My localhost does have access to the internet but is not SSL setup.
I suspect something is wrong to your installation. The Site/Home URL indicates that your URL should be http://localhost/wp, but in reality it is http://localhost. Maybe the redirection for the sub-folder isn’t setup correcty. Try adding the following two defines to
wp-config.phpto see if your site and the BrowserID are still working.define('WP_HOME', 'http://localhost');
define('WP_SITEURL', 'http://localhost');
More info about changing the site URL can be found here.
Another question: are there any log entries in the server log related to this problem?
Yes:
[Wed Jul 20 18:35:30 2011] [error] [client 127.0.0.1] PHP Fatal error: Cannot use object of type WP_Error as array in C:\\Special-fromUSB\\www\\wp\\wp-content\\plugins\\browserid\\browserid.php on line 132, referer: http://localhost/wp/wp-login.php[Wed Jul 20 18:38:14 2011] [error] [client 127.0.0.1] PHP Fatal error: Cannot use object of type WP_Error as array in C:\\Special-fromUSB\\www\\wp\\wp-content\\plugins\\browserid\\browserid.php on line 132, referer: http://localhost/wp/wp-login.php?redirect_to=http%3A%2F%2Flocalhost%2Fwp%2Fwp-admin%2Foptions-general.php&reauth=1That is a bug. Don’t change anything yet to your installation, I will repair this now, so that we can see what WordPress error is being reported.
I have sent you a fixed version by e-mail.
Have installed and replied via email
Most hosting providers do and should setup the SSL system correctly. So, this probably wont be a problem on your production site. Else you can always check the option ‘Do not verify SSL certificate‘. There is a slight security risk with this (specifically a Man-in-the-middle-attack).
Thank you Marcel for all of your help. You are a good person and I appreciate your work.
Peter
Hi Marcel,
My name is Shane Tomlinson, I am one of the Mozilla developers for Browserid. We are absolutely thrilled that you whipped this up so quickly, we are looking for as many people as possible to develop towards the proposed spec and give us feedback. I’ve already tested it in my site and the install went smoothly. Would you be open to discussing your experience in developing this plugin, where your pain points were, and any ideas that you have?
Thanks,
Shane
I am glad I could help. I will send you an e-mail for the discussion.
Two comments:
a) What are custom login/logout HTML for? Can I leave it blank? Can you document it somewhere?
b) It seems to be broken when “WordPress address” != “Site address” (after verification it goes to Site Address, but I suspect it really wants WordPress address).
Thanks for you feedback!
a) You can leave this blank. Try filling in the following into Custom login HTML and you’ll see what it is for. I have added this to the FAQ.
b) Could you please upgrade to the just released version 0.4 and let me know if it works now? (could take up to half an hour before it is available on wordpress.org)
Awesome, works! Thank you
Hi Marcel..
Just tested this plugin and done all registering and confirming of email.
When I try to sign in on my own site I get a blank page with this error:
Verification failed
Could you please enable debugging (a plugin setting), retry and e-mail me the output (don’t post it here, since it contains sensitive information).
Done!