DotNetOpenAuth RPs log away openid.error's content and displays a generic failure message to the user.<div><br></div><div>Incidentally I was just planning on expanding the set of scenarios where DotNetOpenAuth OPs return openid.mode=error's. OPs that have stringent security requirements that the RP doesn't satisfy (for example, the RP doesn't appear on a closed OP's whitelist) could result in an openid.mode=error with a message saying "get your RP on the white list first".<br clear="all">
--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Mon, Jan 4, 2010 at 10:18 AM, Johannes Ernst <span dir="ltr"><jernst+<a href="http://openid.net">openid.net</a>@<a href="http://netmesh.us">netmesh.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Apparently a few people in the wild do implement openid.error. What do RPs do when they receive that? Display it to the user? Throw up their hands and say "something weird happened"?<br>
<br>
There are plenty of problems with the way openid.error is (under-) defined, including:<br>
- not internationalizable<br>
- not computer-interpretable<br>
- unclear whether the conveyed text message is formatted, or how.<br>
<br>
Questions:<br>
1. Could we come up with an enumeratable list of error conditions, or are everybody's possible errors different? Error codes?<br>
2. Should we define that the error message be used for internal logging or to be shown to the user?<br>
3. If the latter, should we define that the locale of the error message should be the user's locale at the OP? What if the problem is that the user is not known at the OP? Should the RP pass on a locale?<br>
<br>
Happy new year everybody,<br>
<br>
<br>
<br>
Johannes.<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
</blockquote></div><br></div>