[OpenID] openid.user_setup_url no longer in V2
Andrew Arnott
andrewarnott at gmail.com
Sun Sep 7 22:09:20 UTC 2008
Thanks for the explanation. That makes sense.
On Sun, Sep 7, 2008 at 11:18 AM, Martin Atkins <mart at degeneration.co.uk> wrote:
> Andrew Arnott wrote:
>
>> Really? I never imagined the flow in 1.x meant that the
>> user_setup_url was anything besides an ordinary non-immediate request. In
>> which case I don't know why the RP would send a setup_url request and a
>> following immediate request, as the setup_url request results in an auth.
>>
>> It seems to me that 1.x and 2.0 are the same, except that instead of 1.x
>> formulating the checkid_setup URL for the RP, the RP must create it itself.
>>
>>
> I may be remembering this wrong, but I believe that the original design was
> that the setup URL wouldn't actually return a positive assertion, but rather
> would simply do the approval step. The intention was that "AJAX-like"
> implementations would be able to try an immediate request in the background,
> and if it failed open the setup_url *in a new window* (leaving the original
> page undisturbed) and finally retry the checkid_immediate in the original
> window to complete the authentication.
>
> In practice, I don't think anything except Brad's original demo implemented
> it this way, and so the setup_url became redundant and was often just the
> OP's checkid_setup URL.
>
> However, it's been a long time and I might be remembering this wrong.
> Nonetheless, if the setup_url results in auth then it is the same as a
> checkid_setup request, so it's redundant.
>
>
>
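
The difference discussed in this thread, as an added example that is not part of either message or of any OpenID library: an RP classifying a failed checkid_immediate in 1.x (openid.mode=id_res carrying openid.user_setup_url) versus 2.0 (openid.mode=setup_needed, with the RP building the checkid_setup request itself). The function names, the example.* hosts and the http(s)-only check on the unsigned setup URL are assumptions of this example.

```javascript
// Added example (not from the thread): RP handling of a failed checkid_immediate.
const OPENID2_NS = "http://specs.openid.net/auth/2.0";

// Classify the response the OP sent back to return_to for an immediate request.
function classifyImmediateResponse(returnUrl) {
  const p = new URL(returnUrl).searchParams;
  const mode = p.get("openid.mode");
  const v2 = p.get("openid.ns") === OPENID2_NS;
  if (v2 && mode === "setup_needed") return { version: 2, setupNeeded: true, setupUrl: null };
  if (!v2 && mode === "id_res" && p.has("openid.user_setup_url")) {
    // 1.x failure: mode is still id_res, but it carries user_setup_url and no signature.
    return { version: 1, setupNeeded: true, setupUrl: p.get("openid.user_setup_url") };
  }
  // Anything else (positive assertion, cancel, error) is handled elsewhere.
  return { version: v2 ? 2 : 1, setupNeeded: false, setupUrl: null };
}

// Decide which URL to send the user to for the interactive step.
// requestParams: the openid.* parameters of the immediate request the RP sent.
function interactiveUrl(result, opEndpoint, requestParams) {
  if (!result.setupNeeded) return null;
  if (result.version === 1) {
    // The URL arrives unsigned via the browser; this example's own precaution
    // is to accept only http(s) URLs before opening it.
    let setup;
    try { setup = new URL(result.setupUrl); } catch { return null; }
    return (setup.protocol === "https:" || setup.protocol === "http:") ? setup.href : null;
  }
  // 2.0: there is no user_setup_url; resend the same request as checkid_setup.
  const req = new URL(opEndpoint);
  for (const [k, v] of Object.entries(requestParams)) req.searchParams.set(k, v);
  req.searchParams.set("openid.mode", "checkid_setup");
  return req.href;
}

// Constructed sample data (hypothetical hosts).
const V1_FAIL = "https://rp.example/return?openid.mode=id_res" +
  "&openid.user_setup_url=" + encodeURIComponent("https://op.example/setup?x=1");
const V2_FAIL = "https://rp.example/return?openid.ns=" +
  encodeURIComponent(OPENID2_NS) + "&openid.mode=setup_needed";
const REQUEST = {
  "openid.ns": OPENID2_NS,
  "openid.mode": "checkid_immediate",
  "openid.claimed_id": "https://user.example/",
  "openid.identity": "https://user.example/",
  "openid.return_to": "https://rp.example/return",
};
```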