[Openid-specs-ab] Possible "error" state return from OP i-frame in session management

Mike Jones Michael.Jones at microsoft.com
Tue Aug 5 01:04:23 UTC 2014


On today's call, people were in favor of adding this, with the clarification that the "error" result is only to be used for inputs with malformed syntax.  I've filed this bug to track this issue:  https://bitbucket.org/openid/connect/issue/930.

                                                                -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Thursday, July 31, 2014 12:24 PM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Possible "error" state return from OP i-frame in session management

Currently, session management allows only two return values from the OP postMessage - "changed" and "unchanged".  Implementers have asked me what they should do if the RP's postMessage is malformed.  For instance, what if it is not of the required format below?
               Client ID + " " + Session State

At first, I thought that such inputs should result in a "changed" return, but the problem with this is that it could cause an infinite loop of prompt=none requests to the server - a bad thing.

I'm increasingly thinking that an "error" return should be added for responding to malformed requests and that guidance should be given that "error" returns should be handed by the RP in a way that will not cause a potential infinite loop of prompt=none requests.

What do others think?

                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140805/10099388/attachment.html>


More information about the Openid-specs-ab mailing list