Error behavior, continued.
Brad Fitzpatrick
brad at danga.com
Sat Jun 18 10:54:03 PDT 2005
I'm back from traveling, so let's get this OpenID stuff wrapped up, live,
and have some fun.
I've digested what I've heard from Carl, Paul, and Martin, and I what I'm
hearing:
-- authn errors are already defined. this is all about protocol
errors. (missing items, typos, etc)
-- no error codes for now, just unstructured natural language error text
-- if it's a GET request w/ bad arguments but a valid return_to URL,
redirect w/ openid.mode=error and openid.error=Error+Text.
this will provide a upgrade path in the future, if it comes down
to it. (hopefully it won't)
-- if it's a GET request w/ bad arguments, and no valid
return_to, return a "400 Bad Request" with any content-type
and error message you want. (pretty much fucked at this point
anyway, since it's the browser likely in control....)
-- if it's a GET request w/ no arguments, show a 200
text/html saying "This is an OpenID server endpoint. For more
information, see http://openid.net/" For people curious what
all those link rel URLs are.
-- if it's a POST request w/ bad/no arguments, return a 400 Bad request
with our typical key:value\n lines, with a single key "error" with
the natural language text. (and any additional keys you want)
Anything controversial here? This is all fringe stuff anyway.
- Brad
More information about the yadis
mailing list