Consistency of negative responses to checkid_immediate requests

[Josh Hoyt]

On 12/14/06, Johnny Bufu <johnny at sxip.com> wrote:
> On 14-Dec-06, at 12:13 AM, Josh Hoyt wrote:
> > On 12/13/06, Martin Atkins <mart at degeneration.co.uk> wrote:
> >> Josh Hoyt wrote:
> >>>
> >>> It's confusing to me make the failure response to an immediate mode
> >>> request be "id_res", especially if that is not the failure response
> >>> for setup mode. I can't see a reason that they can't both use the
> >>> "cancel" response to indicate that the OP or end user do not wish to
> >>> complete the transaction.
> >>>
> >>> This is a very minor change, but it will make the spec simpler.
> >>>
> >>
> >> I think the RP will want to do something different in these two
> >> cases.
> >
> > That's true, but the RP will probably need to handle the success case
> > differently for immediate mode anyway (e.g. it will have to do AJAX to
> > update the page) so I expect it to have a specific return_to URL for
> > immediate requests. Since using a different return_to is trivial, I
> > prefer the consistency of negative responses.
>
> The current / v1 modes will need to be mentioned in the compatibility
> section, and also implemented. Not sure if this simplification will
> then still be worth.

That's a good point. I guess it comes down to how long OpenID 1.1
support will be necessary. If it's a long time (effectively forever)
then it's definitely not worth it. If it's a relatively short period
of time, then I think it is worth it for the cleaner spec.

Unless someone agrees that it'd be worth it, I'll leave it alone.

Josh