chrismessina / diso

Automatically exported from code.google.com/p/diso

Prevent users from delegating to the local OpenID provider #87

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
It seems that there's no check to see if someone has delegated to herself when the OpenID Provider is enabled, either for Blog Owner or Multi-User mode.

Original issue reported on code.google.com by chris.messina on 3 Oct 2008 at 2:10

GoogleCodeExporter commented 9 years ago
i'm not sure what the original author meant by this, but the issue i am having is i cannot use the openid provided by my blog as my login or for comments on my own blog

ie: http://nemchik.com/author/nyne/ is my openid, i am also assigned to the default http://nemchik.com/
i cannot comment on my own blog posts using either of those as the website url, nor can i add them to my account via the admin panel

Error: Could not discover an OpenID identity server endpoint at the url: http://nemchik.com/author/nyne/

Original comment by nemchik on 19 Jun 2009 at 3:22

GoogleCodeExporter commented 9 years ago
That's an interesting use case.

In the original bug report, you could get into an infinite loop of sorts if you delegate to your OpenID provider. I don't think this is a big issue, but the case that you brought up is a different one, but worth considering.

The difference is that commenting with OpenID doesn't create a new account, and bypasses the account system. So in your case, since you HAVE an account, you really should be signing in to your local WordPress account and leaving the comment with that account.

Otherwise, I can see how this might fail. It might also be the case that there needs to be a check for this case, but I'm not sure. Thanks for the report!

Original comment by chris.messina on 19 Jun 2009 at 6:18
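
The missing check described in this issue, as an added example (not code from the project or from anyone in this thread): it refuses a delegation whose target is one of the site's own identity URLs or whose discovered provider is the site's own OpenID endpoint. The function names, the `discovered_server` parameter (the endpoint the caller's discovery step returned) and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize(url):
    """Reduce a URL to a canonical form so equivalent identifiers compare equal."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url          # scheme-less user input is treated as http
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS.get(scheme)) else f"{host}:{port}"
    # Assumption: the site serves /path and /path/ as the same page.
    path = parts.path.rstrip("/") + "/"
    return urlunsplit((scheme, netloc, path, parts.query, ""))  # fragment dropped

def delegation_error(delegate_url, discovered_server, local_server, local_identities):
    """Return a reason string if the delegation points back at this site, else None."""
    target = normalize(delegate_url)
    if target in {normalize(u) for u in local_identities}:
        return "delegate is an identity URL served by this site"
    if normalize(discovered_server) == normalize(local_server):
        return "delegate resolves to the local OpenID provider"
    return None

# Constructed sample values (hypothetical site, endpoint path and users).
LOCAL_SERVER = "http://blog.example/openid/server"
LOCAL_IDS = ["http://blog.example/", "http://blog.example/author/alice/"]

if __name__ == "__main__":
    cases = [
        # Same identity written differently: case, default port, no trailing slash.
        ("HTTP://Blog.Example:80/author/alice", LOCAL_SERVER),
        # Outside URL whose discovery still lands on the local provider.
        ("http://alice.idp.example/", "http://blog.example/openid/server/"),
        # Genuine external delegation.
        ("https://alice.idp.example/", "https://idp.example/server"),
    ]
    for delegate, server in cases:
        reason = delegation_error(delegate, server, LOCAL_SERVER, LOCAL_IDS)
        print(delegate, "->", reason or "accepted")
```
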

GoogleCodeExporter commented 9 years ago
i normally have myself signed in via cookies, but if i try to comment from another location (like a friend's house or public computer) i don't think it's necessary to log in on that computer (namely i don't want to have to go through the whole login process, then have to log out when i'm done)

it would be nice in that scenario to be able to type my openid as the url and then have it ask me to verify my log in information, then make the post as me with my wordpress account (which should be associated to my openid), then be signed out (no cookies)

also i think i mentioned in another issue (i may have forgotten to bring it up) but i cannot associate the openid that is assigned to me by my blog with the wordpress account (on the 'your openids' page when i try to add myself with either of the urls i mentioned it fails saying Error: Could not discover an OpenID identity server endpoint at the url: http://nemchik.com/)

Original comment by nemchik on 24 Jun 2009 at 12:01

GoogleCodeExporter commented 9 years ago
Did you go to Settings -> OpenID and set yourself for delegation on the frontpage? It doesn't have one defined by default.

Original comment by shi...@elite-systems.org on 15 Nov 2009 at 10:49