UPDATE: No need to do this now, its fixed!
For edngames.com I use Facebook, Yahoo! and Windows Live as sign on solutions. However, Windows Live is the only system with a restriction on the domain names you can register. For instance, because of the word “games” in my domain, I get the error message “The Return URL field contains a forbidden word or domain. Please use a different Return URL and enter the HIP solution again.”
Facebook and Yahoo, competing single sign on solutions, do not have this restriction, which the word “game” I assume is to block gambling sites from the authentication.
To get around this, I have had to set up a dummy domain (edslife.co.uk) without the banned words and perform authentication on that – you cannot simply do a redirect because the signature returned by the Windows Live server will be invalid because its a different return URL. I then have to create my own authentication (I use a hash function based on the time and a secret word) to move between the dummy domain to the real one securely.
Although this works, and is just as secure as authenticating on the target site I reckon, it provides a pretty shoddy user experience because I have to explain that there is another domain name involved. You also cannot use this method to get data from the Windows Live server such as contact information because from a different domain, the authentication is invalid.