No "Bad Signature" Feedback in AJAX Demo

Nathan D. Bowen nbowen+yadis at
Tue May 24 23:41:44 PDT 2005

It's possible that I'm doing something wrong on my end, but it looks to 
me like the AJAX demo gets sort of "stuck" if the provider returns a bad 
signature. I'm intentionally sending bad signatures in the hope that I 
will see a nice red box catching me in the act, but I'm basically seeing 

If I understand it correctly, when the helper receives 
openid.mode=id_res, it is expected to send back a small HTML document 
containing a call to a parent window function (OpenID_callback_pass or 
OpenID_callback_fail). There doesn't seem to be anything like a general 
OpenID_callback_error, though, and the 'fail' function is specifically 
for user setup URLs. So, in the case of a bad signature (or another 
error condition, I assume), it looks like helper.bml just spits back a 
JSON-formatted error directly to the iframe. The form box is left 
forever grey and claiming to be "Contacting identity server".

So it's not exactly letting me "get away with" sending bad signatures, 
but it's not setting off alarms in the browser, either...

More information about the yadis mailing list