23

Back in 2018, we announced the end of support for OpenID at Stack. Although we've deprecated support for OpenID logins and endpoints, the openid.stackexchange.com URL has remained online. Starting in November, 2022 all OpenID endpoints and our OpenID URL will become unavailable.

If you are still using the Stack Exchange OpenID provider to authenticate with any website, you will need to update your external applications to authenticate using a different mechanism.

Update your external applications with new credentials by November 1, 2022 - after which, you will not be able to use Stack Exchange OpenID to authenticate. Users and applications will still be able to authenticate within the Stack Exchange network using the same username/password credentials that were used to create the OpenID login, but there will be no OpenID endpoints or URL available.

It's also worth noting, so far as we can tell, no one is actually using Stack Exchange OpenID at all. So, in principle, there should be no action needed for anyone.

We're finalizing our removal of OpenID for the reasons outlined in the linked post above. But, to summarize:

  • Only a small number of accounts used OpenID at all, and no one appears to be using it today.
  • OpenID support, globally, has largely been replaced by newer OAuth variants like OIDC. While we do not plan to immediately support OIDC, you can use these newer mechanisms today through social sign-in like Google or Facebook.

TL;DR - If you aren't sure if you’re using OpenID, you don't need to do anything.

If you're the developer of a bot, you’ve probably already changed your application to use the new login form. If you haven't, you can use a non-OpenID login route. Information on alternate bot authentication mechanisms is available in the Chat bot migration from OpenID chat room.

Improve this question
8
  • Related: What is the status of the removal process of Stack Exchange OpenID?
    – Justin
    Commented Aug 22, 2022 at 18:50
  • 4
    No user or bot has authenticated via OpenID in 2022. Although the URL is still available to manage your username/password login, that's all that is available via that URL.
    – Jeremiah Peschka
    Commented Aug 22, 2022 at 19:05
  • 1
    Will this be featured?
    – Luuklag
    Commented Aug 22, 2022 at 19:07
  • 11
    @Luuklag With "No user or bot has authenticated via OpenID in 2022" it doesn't really seem like featuring is justified. Featuring is a lot of user's time to spend on something that nobody has used in the last 8 months, and for which there has been at least one previous announcement (which I thought was featured at the time).
    – Makyen
    Commented Aug 22, 2022 at 19:17
  • 3
    @Makyen: Yep, it was decided that this post didn't need featuring for that reason. It's mostly just a heads-up since it has been a long time since the end of support for OpenID was originally announced, but hopefully shouldn't affect too much.
    – V2Blast
    Commented Aug 22, 2022 at 19:52
  • 7
    OTOH, it seems like it might be a good idea to send an email to all users who still have OpenID as a configured authentication method, or at least all users who have either only an OpenID as a configured authentication method or where the OpenID authentication method was the one they used most recently.
    – Makyen
    Commented Aug 22, 2022 at 20:13
  • 4
    @Makyen We discontinued using third-party OpenId providers a long time ago, with the original announcement, and notified users at that time. If they didn't take action then, nothing is changing for them now as this doesn't affect that scenario. This change does not affect anything for how users login with an email and password. It's just disabling a feature that nobody was using.
    – animuson StaffMod
    Commented Aug 23, 2022 at 3:01
  • 1
    I should note that the openid tag is still a default tag on per-site metas, and should be removed.
    – Sonic the Anonymous Hedgehog
    Commented Aug 24, 2022 at 7:29

1 Answer 1

Reset to default
-2

I don't know how your monitoring works, but I regularly used Stack Exchange OpenID to log into my account at my webhoster.

As there was no indication during the login flow, I didn't notice that you deprecated the OpenID endpoints until today, when I couldn't access my account anymore as the endpoints have been shut down. In the future, it would be really appreciated if you could announce such things at a point where a user has a chance to notice this while using the service.

Improve this answer
4
  • Checking a site once in few months for updates isn't lots to ask.
    – Shadow Wizard
    Commented Feb 15, 2023 at 12:26
  • 8
    Uh, between 4 years between dropping support, and 4 months between the announcement and removal and 4 months before ... this... uh... how long is long enough?
    – Journeyman Geek
    Commented Feb 15, 2023 at 12:26
  • 1
    When SE made the decision to remove OpenID support from their own sites in 2018, only 0.2% of sites being authenticated to were non-SE sites. Also, as this question states, practically no one would stand to be affected by it so they didn't see the point.
    – Sonic the Anonymous Hedgehog
    Commented Feb 15, 2023 at 22:51
  • 2
    Unfortunately @user1327237 is right. StackExchange poorly informs its users of any changes at all and arrogant comments won't help with that. A post on meta definitely won't be seen by the majority of users. A big red banner on the login page, plus an email to everyone using OpenID on external sites would have been the right way to do it.
    – Bachsau
    Commented Feb 16, 2023 at 19:19

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .