OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]
Allen Tom
atom at yahoo-inc.com
Wed Nov 19 02:19:07 UTC 2008
Dirk Balfanz wrote:
>
> Oh I see. Ok. I'll make a new revision of the spec where I add a
> required parameter (the consumer key) to the auth request.
>
Cool, thanks!
> What should the spec recommend the OP should do if the consumer key
> and realm don't match? Return a cancel? Return something else?
>
I'd recommend an error consistent with Section 8.2.4 in the OpenID 2.0
spec, with a new error_code value indicating that either the CK or
the realm was invalid. There may actually need to be 2 errors, one to
indicate that the CK is invalid, and another to indicate that the CK is
not valid for the realm.
http://openid.net/specs/openid-authentication-2_0.html#anchor20
Allen