Error behavior, continued.

Brad Fitzpatrick brad at
Sat Jun 18 10:54:03 PDT 2005

I'm back from traveling, so let's get this OpenID stuff wrapped up, live,
and have some fun.

I've digested what I've heard from Carl, Paul, and Martin, and I what I'm

   -- authn errors are already defined.  this is all about protocol
      errors.  (missing items, typos, etc)

   -- no error codes for now, just unstructured natural language error text

   -- if it's a GET request w/ bad arguments but a valid return_to URL,
      redirect w/  openid.mode=error and openid.error=Error+Text.
      this will provide a upgrade path in the future, if it comes down
      to it.  (hopefully it won't)

   -- if it's a GET request w/ bad arguments, and no valid
      return_to, return a "400 Bad Request" with any content-type
      and error message you want.  (pretty much fucked at this point
      anyway, since it's the browser likely in control....)

   -- if it's a GET request w/ no arguments, show a 200
      text/html saying "This is an OpenID server endpoint.  For more
      information, see"  For people curious what
      all those link rel URLs are.

   -- if it's a POST request w/ bad/no arguments, return a 400 Bad request
      with our typical key:value\n lines, with a single key "error" with
      the natural language text.  (and any additional keys you want)

Anything controversial here?  This is all fringe stuff anyway.

- Brad

More information about the yadis mailing list