OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]

Allen Tom atom at
Wed Nov 19 02:19:07 UTC 2008

Dirk Balfanz wrote:
> Oh I see. Ok. I'l make a new revision of the spec where I add a 
> required parameter (the consumer key) to the auth request.
Cool, thanks!

> What should the spec recommend the OP should do if the consumer key 
> and realm don't match? Return a cancel? Return something else?
I'd recommend an error consistent with Section 8.2.4 in the OpenID 2.0 
spec, with a new error_code value indicating that the either the CK or 
the realm was invalid. There may actually need to be 2 errors, one to 
indicate that the CK is invalid, and another to indicate that the CK is 
not valid for the realm.


More information about the specs mailing list