Switching from OpenID to the Yandex.Passport API

All OpenID identities with Yandex as the provider stopped working on August 10, 2015. For authentication on other sites with a Yandex account, use the Yandex.Passport API.

For users

After August 10, you can log in on other websites using your Yandex account only if the website developer has correctly switched over from OpenID. If you can't log in to a website with your Yandex account, contact the site's support service.

Just to be safe, you can get direct access to your account (without using OpenID) before August 10 in one of the following ways:

  • Switch your account over.

  • Recover the password.

  • Contact the support service.

For website developers and webmasters

Users who logged in to your website with a Yandex OpenID lost this capability on August 10. You can use the Yandex.Passport API to authenticate such users.

The API can also give users access to old accounts that are associated with an OpenID. To do this, after enabling the Yandex.Passport API, you need to handle logins in a special way:

  1. If the user manually enters a Yandex OpenID identity, notify them that logging in this way is no longer possible, and offer login through the Yandex.Passport API instead. You can recognize Yandex identities by the URL domain: yandex.ru or ya.ru.

    If the user just clicks the button to log in via Yandex, use the Yandex.Passport API for authentication.

  2. Request an OAuth token to access the user's data.

  3. Request the necessary data via the Yandex.Passport API. To get the OpenID identities that might belong to the user, also pass the with_openid_identity parameter.

  4. Search for each OpenID identity listed in the response in your database of accounts:

    • If no account with the listed OpenID identities was found, just use the Yandex.Passport API to authenticate the user.

    • If one account was found, link it to the account ID in Yandex (the id element in the response from the Yandex.Passport API). Then use the API to authenticate the user.

    • If multiple accounts were found with the listed OpenID identities, ask the user to select one to use for authentication. Link the selected account to the account ID in Yandex, then use the Yandex.Passport API to authenticate the user.

This way, the user can log in to your site via Yandex, and you can associate the data from the old OpenID account with the unique Yandex user ID when this becomes necessary.
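Steps 1 and 4 of the procedure above, as an added Python example (not code from Yandex or from the original page). It assumes the API response lists the identities under an `openid_identities` key and models the site's account store as two dicts; the function names, `ACCOUNTS` and `PROFILE` are hypothetical.

```python
from urllib.parse import urlsplit

YANDEX_OPENID_DOMAINS = ("yandex.ru", "ya.ru")  # the two domains named in step 1


def _parts(identity):
    url = identity.strip()
    if "://" not in url:
        url = "http://" + url  # identities are often typed without a scheme
    return urlsplit(url)


def is_yandex_openid(identity):
    """Step 1: is a manually entered identity hosted by Yandex?"""
    host = (_parts(identity).hostname or "").lower().rstrip(".")
    # Match on a label boundary so "yandex.ru.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in YANDEX_OPENID_DOMAINS)


def normalize(identity):
    """Assumed lookup key: lowercase host plus path, scheme and trailing slash dropped."""
    p = _parts(identity)
    return (p.hostname or "").lower() + p.path.rstrip("/")


def resolve_login(profile, accounts_by_openid, links):
    """Step 4. Returns ("login", account), ("new", None) or ("choose", [accounts])."""
    yandex_id = profile["id"]
    if yandex_id in links:  # linked on an earlier login
        return "login", links[yandex_id]
    # "openid_identities" is the assumed name of the list in the API response.
    keys = (normalize(i) for i in profile.get("openid_identities", []))
    found = sorted({accounts_by_openid[k] for k in keys if k in accounts_by_openid})
    if not found:
        return "new", None  # no legacy account: authenticate via the API only
    if len(found) == 1:
        links[yandex_id] = found[0]  # link the legacy account to the Yandex id
        return "login", found[0]
    return "choose", found  # link only after the user selects one


# Constructed sample data, not real accounts or a captured API response.
ACCOUNTS = {"openid.yandex.ru/vasya": "acct-17", "vasya.ya.ru": "acct-42"}
PROFILE = {"id": "100000001",
           "openid_identities": ["http://openid.yandex.ru/vasya/", "http://vasya.ya.ru/"]}
```

In the "choose" case the link is written only once the user has picked an account, so an abandoned login leaves both legacy accounts unlinked.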