Non-recoverable auth failure?
Paul Crowley
paul at ciphergoth.org
Fri Jun 24 00:27:41 PDT 2005
Carl Howells wrote:
> I did understand your proposal, and realized I was modifying it slightly. The
> reason I decided on that modification had to do with one important
> consideration. In normal setup mode, a site knows it will be the whole browser
> window, and will probably draw its normal site layout on the openid page, for
> branding purposes. But if it's in an AJAX-style popup or iframe, it will
> probably have a lot less screen real-estate available, and want to draw a
> minimal version of its dialogs.
That's a good reason, but I think it's a slightly excessive mechanism.
I don't see that the server will actually want to remember anything
about the first failed attempt while setting up the second; it just
wants to know "have I got the full browser window, or am I in a popup"?
So let's just tell it: to the checkid_setup request, add
openid.displayhints=popup
--
__
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
More information about the yadis
mailing list