In case you missed it, Yahoo! released their Yahoo! Browser-Based Authentication (BBAuth) to the world to use. For web properties that integrate it, it provides a Single Sign-On (SSO) facility so you can log into other sites–like this blog–using your existing Yahoo! username, instead of creating a new account here.
I’ve gone ahead and spent the hour to integrate it into my blog comments system, so now you can authenticate using your Yahoo! ID and leave comments here.
One caveat for early integrators: Yahoo! BBAuth expects the “sig” signature to be all lowercase. If your MD5 function returns the hash as an uppercase hexadecimal value, Yahoo! BBAuth will complain in a non-obvious way. I discovered this through a bit of trial and error–mostly error, and head-scratching. I eventually squashed my MD5 hash to lowercase and everything worked great.
Here’s just another attempt on my part to lower the bar to make it easier for everyone to leave comments. 
Tags:
Yahoo!,
web,
authentication,
BBAuth
![[RSS]](http://dossy.org/wp/wp-content/themes/dossyblog-10/art/feed-icon-16x16.png){kind=icon}
honzikf says:
Electronic Cigarette says:
Daughter of Christ Jesus says:
October 2nd, 2006 at 9:55 am
Weird… It says I’m logged in as yahoo_.g213gjjsdkj, or some such, but I still filled out my name & email as well as a captcha. I haven’t had a chance to read up on the BBAuth service, but what benefit does authenticating here give?
October 2nd, 2006 at 11:25 am
l.m.orchard: There’s really little benefit for you … it’s mostly a benefit for me, trying to defeat spammers. Unauthenticated comments here are held for moderation, but if you authenticate, they get posted right away. This doesn’t “stop” spammers, but at least gives me some limited ability to ban them.
Maybe there’s some way for me to make authenticating here slightly more useful: enable folks to subscribe to email notifications for entries where they’ve commented, etc. But, I don’t think I have enough readership yet to make that worth it.
Any suggestions?
October 3rd, 2006 at 7:37 am
Nice — this is linked from Jeremy Zawodny’s linkblog. Expect more traffic.
October 3rd, 2006 at 8:47 am
Joe: yeah, I’m seeing a lot of folks are finding this blog entry through Jeremy’s linkblog and a few other sites that have linked to me. (Thanks for the link-love, everyone.)
What I’m really surprised about is that more people haven’t tried logging in using the BBAuth and leaving a comment here, just to see how it all works.
October 5th, 2006 at 12:36 pm
Okay Dossy,
I’ve taken the bait and logged in with my Yahoo ID.
I’m trying to link to you via Linked In. I’ve noticed a lot of my former colleagues are doing this and I kind of find it interesting to see who I can connect to in this way.
Cheers!
October 5th, 2006 at 1:53 pm
Hi, Glen … looks like it worked for you! Cool.
re: LinkedIn … sure, go ahead and send me an invite to connect.
October 8th, 2006 at 9:19 pm
Lets see if this BBAuth works. It sure appears to. Should I still have to fill out the letters to prevent spam?? Doesn’t the authentication through BBAuth mitigate or eliminate the risk of spammers?
October 8th, 2006 at 9:21 pm
Julio: Not really, no. The CAPTCHA still prevents a spammer from signing up one Y! ID and using it to mechanically leave hundreds of comments on my blog.
Authentication vs. authorization, I guess. The upside of folks using their Y! ID’s to authenticate is so that I can de-authorize them from leaving comments, if they turn out to be a spammer.
October 9th, 2006 at 3:49 pm
Testing
October 9th, 2006 at 4:02 pm
Lisa: What were you testing?
October 13th, 2006 at 4:32 pm
Nice work man,
October 13th, 2006 at 4:39 pm
Ah, this reminds me … I need to point out that my blog uses Gravatars (those little image icons on the right-hand side of people’s comments), too. It’s interesting to see who does and doesn’t have one set up for themselves.
October 17th, 2006 at 10:27 pm
Cool BBauth and gravatar integration. We’re looking to add bbauth to our site as well.
October 17th, 2006 at 10:37 pm
Justin: Menuism looks cool. Good luck with that! (Is it another “did it ourselves in RoR” site?)