On Tue, Nov 18, 2008 at 10:04 PM, Breno de Medeiros <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 18, 2008 at 10:00 PM, Dirk Balfanz <[EMAIL PROTECTED]> wrote:
>>
>> On Tue, Nov 18, 2008 at 6:19 PM, Allen Tom <[EMAIL PROTECTED]> wrote:
>>>
>>> Dirk Balfanz wrote:
>>>>
>>>> Oh I see. Ok. I'll make a new revision of the spec where I add a required
>>>> parameter (the consumer key) to the auth request.
>>>>
>>> Cool, thanks!
>>>
>>>> What should the spec recommend the OP should do if the consumer key and
>>>> realm don't match? Return a cancel? Return something else?
>>>>
>>> I'd recommend an error consistent with Section 8.2.4 in the OpenID 2.0
>>> spec, with a new error_code value indicating that either the CK or the
>>> realm was invalid. There may actually need to be 2 errors, one to indicate
>>> that the CK is invalid, and another to indicate that the CK is not valid for
>>> the realm.
>>>
>>> http://openid.net/specs/openid-authentication-2_0.html#anchor20
>>
>> But Section 8.2 is about the association response. In the auth response, we
>> currently only have cancel or setup_needed. If we invent another error
>> condition there, we're no longer a pure "extension".
>
> The solution is to add an optional term in the openid.oauth response
> and return the appropriate error code from the OAuth error handling
> spec.

Actually, I meant a required term, to be present only in "unsuccessful OAuth responses"

>
>>
>> Dirk.
>>>
>>> Allen
>>>

--
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs