Friday, November 28, 2014

Blogger Blog Readers Unable To Comment, Using OpenID Accounts Hosted By WordPress

We're seeing a scattered collection of reports, mentioning problems publishing comments, using OpenID authentication.

This problem appears to be related to the Blogger rollout of SSL support, for our blogs, which is currently in progress. SSL, or Secure Sockets Layer, represents the next step in blog / website security - a step which the Internet community has been taking, for many years.

Blogger has been using SSL (aka "HTTPS" login), in their dashboard, for several years.
https://www.blogger.com
That's a secure Blogger login. The problem with Blogger using SSL in our blogs is that moving to SSL requires care, to avoid confusing our readers. Lack of care will subject our readers to the well known "mixed mode" warnings.
This site has insecure content.
Only secure content is displayed.
Firefox has blocked content that isn't secure.
These are several examples of what were normal, years ago, on many websites. Blogger does not want our readers subject to needless confusion, from these warnings.

Blogger blog owners have been asking, for years, that Blogger support SSL in BlogSpot (and our custom domains).

FaceBook upgraded to SSL, in 2013 - and saw problems with Blogger content.

Last year, FaceBook upgraded to SSL. Blogger blog owners, who were also FaceBook members, watched their Walls, which contained HTTP links to their Blogger blogs, show the "mixed mode" warnings.
The real issues begin to arise, however, when your application must include assets served by servers which also do not support SSL.
...
We’ve all experienced “mixed mode” warnings, with some browsers being much more annoying about them than others. "Mixed mode" means you requested a page over SSL, but some of the resources needed to fully render that page are only available over unencrypted HTTP.

Blogger is offering the option for us to upgrade our blogs, this year.

Now, Blogger is upgrading, so our blogs may (optionally) support the SSL protocol - and not confuse FaceBook members, who post links to our blogs. To avoid the "mixed mode" warnings, which would confuse our readers, they are upgrading all Blogger processes, including OpenID authentication, to support SSL.
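As an added example (not from the original post or from Blogger), this small Python checker lists the http:// subresources in a template that would trigger the warnings described above once the blog is served over https://. The active / passive split reflects how browsers generally treat the two classes (active content is blocked, passive content typically draws a warning); the sample HTML and host names are constructed.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that load a subresource. <a href> is deliberately
# absent: a link to an HTTP page is navigation, not content loaded into the page.
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentFinder(HTMLParser):
    """Collect http:// subresources that a page served over https:// would load."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url) tuples, in document order

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        # <link> fetches a subresource only for some rel values; a stylesheet
        # can restyle the whole page, so it counts as active content.
        if tag == "link" and "stylesheet" in attrs.get("rel", "").lower().split():
            self._check("active", tag, attrs.get("href", ""))
        for kind, pairs in (("active", ACTIVE), ("passive", PASSIVE)):
            for attr in (a for t, a in pairs if t == tag and a in attrs):
                self._check(kind, tag, attrs[attr])

    def _check(self, kind, tag, url):
        # On an https:// page, https:// and protocol-relative (//host/path) URLs use TLS.
        url = url.strip()
        if url.lower().startswith("http://"):
            self.findings.append((kind, tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample template fragment, not taken from any real blog.
SAMPLE = """
<link rel="stylesheet" href="http://widgets.example/style.css">
<script src="https://cdn.example/lib.js"></script>
<script src="http://stats.example/counter.js"></script>
<a href="http://other.example/post.html">a link</a>
<img src="http://images.example/header.png">
<img src="//images.example/footer.png">
"""

if __name__ == "__main__":
    print(*find_mixed_content(SAMPLE), sep="\n")
```

Run against an exported template or a saved copy of a post page; every reported URL needs an https:// equivalent before the blog is switched over.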

The Blogger upgrade has exposed a WordPress inconsistency.

Just as FaceBook upgrading to SSL helped to cause Blogger to upgrade, so is Blogger upgrading to SSL exposing an inconsistency in WordPress's use of SSL, for OpenID authentication.
The problem in my case (and maybe in others as well) seems to be that https://yourblog.wordpress.com is sent for verification to the OpenID server. This is what I could figure out from the URL. If you then manually replace HTTPS with HTTP, it works.
This comment suggests that WordPress, which in general is using SSL security, has an OpenID server that has not been upgraded.

WordPress needs to check their OpenID servers.

So now, Blogger has to wait for WordPress to fall into step, consistently. Until WordPress upgrades their OpenID server, people who want to use a WordPress OpenID account, to comment on our blogs, will have to select "OpenID", instead of "WordPress" - then enter the WordPress OpenID URL, as
HTTP://whatever.wordpress.com
And wait for WordPress to upgrade their server.
