[Code] Error Handling
Matthias-Christian Ott
ott at mirix.org
Tue Jan 4 21:22:08 UTC 2011
Hi,

I had a look at the Ruby and Python OpenID Authentication server API.
When an error that's related to the OpenID Authentication protocol
occurs (e.g. an invalid request from a User-Agent or Relying Party),
both implementations throw an instance of ProtocolError.

All source code I returns 500 as the HTTP status code with the error
message as the body. According to Page 13 this behaviour is only
correct when interacting with a User-Agent and the following happens:

    If the malformed or invalid message is received by the Relying Party,
    or "openid.return_to" is not present or its value is not a valid URL,
    the server SHOULD return a response to the end user indicating the
    error and that it is unable to continue.

I think the correct behaviour is described on Page 10/11:

    If a request is malformed or contains invalid arguments, the server
    MUST send a response with a status code of 400. The response body
    MUST be a Key-Value Form (Section 4.1.1) message with the following
    fields:

However, I doubt that I know better than the people who wrote the
official examples. Can someone please clarify how to handle OpenID
errors correctly?

Best wishes,
Matthias-Christian
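
The two specification passages quoted in the message describe different channels, and the sketch below picks an error encoding by channel. It is an added example, not code from the Ruby or Python OpenID libraries or from the original post; the function names, the http(s)-only return_to check, the redirect branch for a valid return_to (taken from the OpenID 2.0 indirect error rules, which the message does not quote) and the 400 status on the end-user page are assumptions of this example.

```python
import html
from urllib.parse import urlencode, urlsplit, urlunsplit

OPENID2_NS = "http://specs.openid.net/auth/2.0"
# Modes a Relying Party sends straight to the server (direct communication).
DIRECT_MODES = {"associate", "check_authentication"}

def is_valid_return_to(value):
    """Accept only absolute http(s) URLs with a host (this example's validity rule)."""
    if not value:
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def kv_form(fields):
    """Key-Value Form: one 'key:value' line per field, each ending in a newline."""
    for key, value in fields.items():
        if ":" in key or "\n" in key or "\n" in value:
            raise ValueError("field cannot be represented in Key-Value Form")
    return "".join(f"{key}:{value}\n" for key, value in fields.items())

def encode_protocol_error(request_args, message):
    """Return (status, headers, body) for a request that failed validation."""
    message = " ".join(message.split())  # keep the error text on one line
    if request_args.get("openid.mode") in DIRECT_MODES:
        # Direct request from a Relying Party: 400 with a Key-Value Form body.
        body = kv_form({"ns": OPENID2_NS, "error": message})
        return 400, {"Content-Type": "text/plain"}, body
    return_to = request_args.get("openid.return_to")
    if is_valid_return_to(return_to):
        # Indirect request with a usable return_to: report the error via redirect.
        parts = urlsplit(return_to)
        extra = urlencode({"openid.ns": OPENID2_NS, "openid.mode": "error",
                           "openid.error": message})
        query = f"{parts.query}&{extra}" if parts.query else extra
        return 302, {"Location": urlunsplit(parts._replace(query=query))}, ""
    # return_to missing or invalid: show the error to the end user, HTML-escaped.
    # The quoted text fixes no status code for this page; 400 is an assumption.
    body = f"<p>OpenID request failed: {html.escape(message)}</p>"
    return 400, {"Content-Type": "text/html; charset=utf-8"}, body
```

Checking return_to before redirecting keeps the error path from sending the User-Agent to an arbitrary scheme, and escaping the message keeps request-derived text out of the page markup.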