Non-recoverable auth failure?

Paul Crowley paul at
Fri Jun 24 00:27:41 PDT 2005

Carl Howells wrote:
> I did understand your proposal, and realized I was modifying it slightly.  The
> reason I decided on that modification had to do with one important
> consideration.  In normal setup mode, a site knows it will be the whole browser
> window, and will probably draw its normal site layout on the openid page, for
> branding purposes.  But if it's in an AJAX-style popup or iframe, it will
> probably have a lot less screen real-estate available, and want to draw a
> minimal version of its dialogs.

That's a good reason, but I think it's a slightly excessive mechanism. 
I don't see that the server will actually want to remember anything 
about the first failed attempt while setting up the second; it just 
wants to know "have I got the full browser window, or am I in a popup"? 
  So let's just tell it: to the checkid_setup request, add

\/ o\ Paul Crowley, paul at

More information about the yadis mailing list