Allow OpenID logins on drupal.org

Has any work been started on this limiting id server feature? I'm curious if there's a good place to hook in to the openid provider module or some other approach. This would be really handy for dev teams that have a central intranet openid Drupal side -- and want to have logins on all of their client sites. But don't want to allow logins from any other openid servers.

I think I must not understand exactly what it is you want here, Gábor.

The current D6 OpenID client built into core has an admin config option for "List of allowed domains that can be logged into with OpenID." It's at http://example.com/admin/settings/openid_client_domain.

What am I missing? Couldn't we just put drupal.org there and that would suffice?

Not to derail the issue, but I don't see any such option (as mentioned in #3) on the latest Drupal 6.

/admin/settings/openid_client_domain

Does not exist. Do I need HEAD version? I'm on 6.10. Don't see any mention of this anywhere in cvs. Was this feature removed?

I will take the lead on this during the upcoming sprint as either Greg or I will need to implement this for g.d.o.

My take on Gabor's latest questions.

1. Yes, we should run the OpenID Provider module. We can improve the Drupal core and contrib code incrementally if the UI is not up to par. This will benefit Drupal in general, as well.

2. Absent legal problems which stop us, I would say we do nothing to prevent public use of our OpenID server, but perhaps we not promote it as such.

3. It sounds like, so far, the use of id.drupal.org will simplify some of the upgrade steps needed to move from the older Drupal auth to OpenID.

Not part of the redesign, but could happen anyway.

I don't think we are going to remove bakery any time soon.

So, this seems like it is about using OpenID on drupal.org (i.e. from core) so I'm updating the title.

Or, this should be marked won't fix.

OpenID in Drupal 7 got better. We might reconsider whenever we will be rolling Drupal 7.

Still would like to see people be able to create new accounts using OpenID. It's part of core, turning it on shouldn't be an issue. Broken, you say? Guess we'll have to work in some bug fixes for 6.18 then.

Subscribing.

+1 for this.

It'd be great to have one less password to remember.

OpenID in Drupal 7 got better. We might reconsider whenever we will be rolling Drupal 7.

Are there any particular improvents in D7 that you miss in D6? I guess AX support is an importing thing that is still not in D6 (#634562: OpenID AX support), but I don't think this is a show-stopper (it only makes the sign-up process a bit less automatic for some users).

There are a few backports waiting for review:
http://drupal.org/project/issues/search/drupal?status[]=Open&version[]=6...

Definitely +1 for seeing OpenID logins on Drupal.org - I think it's bad form to distribute such a useful feature in core and then claim that it's not good enough for D.O! :)

Because of some of the protocol problems that have just been fixed, maybe we should wait until the site gets upgraded to D7, but either way, wouldn't be it as easy as one of the admins running this single command to allow logins?

drush en openid

Users who care can then start logging in with their OpenIDs, and everyone else can ignore it. Or am I missing something? I have a feeling it won't affect performance too much as not many folks will be using it.

Making the title clearer so as to distinguish it from #353425: Allow other sites to use drupal.org user identities for login (in D7 infrastructure, without shared secrets).

Closing old issues. Please re-open if needed.