Non-recoverable auth failure?

Martin Atkins mart at degeneration.co.uk
Tue Jun 28 16:38:16 PDT 2005


Carl Howells wrote:
> 
> As for the silliness you mention, having the consumer serve a page just
> for window.close(), isn't really an accurate description of what
> happens.  First, there's a full id_res response in the returned value.
> That means that the consumer can finish logging in the user before
> returning any page, and without any extra redirects or requests. Second,
> since the login has completed, the page served can include javascript to
> inform window.opener that the login has *already* completed, and to move
> on, as well as closing the new window.  That seems like a great deal
> more than just serving a page containing a window.close() command.
> 

I agree with Carl here. It makes more sense to let the consumer do
whatever it needs to do in response to the success, as well as allowing
the possibility for avoiding that extra second login click from AJAX
mode that I've always hated.

This goes nicely with our new cancel mode, which can also close the
window after sending a different message to the parent window letting it
know about the cancellation.



More information about the yadis mailing list