Consistency of negative responses to checkid_immediate requests

Josh Hoyt josh at janrain.com
Thu Dec 14 00:08:43 UTC 2006


In OpenID 2.0, we have removed the "setup_url" parameter from negative
responses to "checkid_immediate" requests. This means that a negative
response to a "checkid_immediate" request looks like:

http://rp.com/return_to?openid.mode=id_res&openid.ns=[OpenID 2.0 ns]

A negative response to a "checkid_setup" request looks like:

http://rp.com/return_to?openid.mode=cancel&openid.ns=[OpenID 2.0 ns]

It's confusing to me make the failure response to an immediate mode
request be "id_res", especially if that is not the failure response
for setup mode. I can't see a reason that they can't both use the
"cancel" response to indicate that the OP or end user do not wish to
complete the transaction.

This is a very minor change, but it will make the spec simpler.

Does it sound reasonable?

Josh



More information about the specs mailing list