[OpenID] openid.user_setup_url no longer in V2
Andrew Arnott
andrewarnott at gmail.com
Sun Sep 7 01:43:56 UTC 2008
Does anyone who helped with the V2 spec know why user_setup_url was removed
from negative immediate auth response messages? I like the overall changes,
including that id_res is no longer sent in negative cases, which just
confused the question of whether an auth was good, but user_setup_url was
still helpful to some clients.
I wondered if it had to do with the identifier_select case, where OPs might
have a privacy leak that might expose the logged in user's claimed/local IDs
in the setup_needed message if the request was sent with identifier_select.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080906/df4f2f3b/attachment-0001.htm>
More information about the general
mailing list