Consistency of negative responses to checkid_immediate requests
Josh Hoyt
josh at janrain.com
Thu Dec 14 00:08:43 UTC 2006
In OpenID 2.0, we have removed the "setup_url" parameter from negative
responses to "checkid_immediate" requests. This means that a negative
response to a "checkid_immediate" request looks like:
http://rp.com/return_to?openid.mode=id_res&openid.ns=[OpenID 2.0 ns]
A negative response to a "checkid_setup" request looks like:
http://rp.com/return_to?openid.mode=cancel&openid.ns=[OpenID 2.0 ns]
It's confusing to me make the failure response to an immediate mode
request be "id_res", especially if that is not the failure response
for setup mode. I can't see a reason that they can't both use the
"cancel" response to indicate that the OP or end user do not wish to
complete the transaction.
This is a very minor change, but it will make the spec simpler.
Does it sound reasonable?
Josh
More information about the specs
mailing list