[OpenID] openid error mode
SitG Admin
sysadmin at shadowsinthegarden.com
Thu Jan 14 06:41:28 UTC 2010
>Oops. Sorry. Wrong host. Well, but the user already got redirected
>there so the incremental risk is small I think.
Should be; if RP's were to widely employ image checkid_immediate (or
other means of trying to log a user in but not telling their browser
to fully load the OP's page), they might not have been exposed (to
scripts) quite yet. Then again, they're *telling* the RP that they
want to use some site as an OP, so even if they make a typo, a little
bit of feedback on the RP's error page ("You tried to log in with
goofle.com, click here for its error message.") should duly warn them
that their problem is not going to be fixed by visiting goofle.com.
-Shade
More information about the specs
mailing list