No "Bad Signature" Feedback in AJAX Demo
Nathan D. Bowen
nbowen+yadis at andtonic.com
Tue May 24 23:41:44 PDT 2005
It's possible that I'm doing something wrong on my end, but it looks to
me like the AJAX demo gets sort of "stuck" if the provider returns a bad
signature. I'm intentionally sending bad signatures in the hope that I
will see a nice red box catching me in the act, but I'm basically seeing
nothing.
If I understand it correctly, when the helper receives
openid.mode=id_res, it is expected to send back a small HTML document
containing a call to a parent window function (OpenID_callback_pass or
OpenID_callback_fail). There doesn't seem to be anything like a general
OpenID_callback_error, though, and the 'fail' function is specifically
for user setup URLs. So, in the case of a bad signature (or another
error condition, I assume), it looks like helper.bml just spits back a
JSON-formatted error directly to the iframe. The form box is left
forever grey and claiming to be "Contacting identity server".
So it's not exactly letting me "get away with" sending bad signatures,
but it's not setting off alarms in the browser, either...
More information about the yadis
mailing list