Non-recoverable auth failure?

Brad Fitzpatrick brad at
Thu Jun 23 16:30:05 PDT 2005

On Thu, 23 Jun 2005, Carl Howells wrote:

> Martin Atkins wrote:
> > cancelled". It just requires the ID server to redirect to the return URL
> > with mode=cancel.
> >
> [snip]
> >
> > Sound reasonable?
> Hmm.  Yes, it would have been more clear if I'd thought to phrase it
> that way initially.  That proposal would definately work for me.  How
> about for our benevolent protocol and security dictators?

So servers can redirect the UA to return_url w/ "openid.mode=cancel"?

Works for me.  Paul?

> And any thoughts (from anyone) on on my proposed change to the use of
> the user_setup_url after using checkid_immediate?

I'll admit I didn't quite follow.  What can't you do with the existing

- Brad

More information about the yadis mailing list