Justin Erenkrantz wrote: > --On December 6, 2005 11:04:13 AM -0700 Brad Nicholes > <[EMAIL PROTECTED]> wrote: > >> Good, then I am +1 on the authz providers only returning AUTHZ_GRANTED >> or AUTHZ_DENIED. I don't see a need for anything else. > > > FWIW, I do see a case for returning 'uh-oh, an error occurred'.
I'm planning on reviewing the rest next weekish, as I've written a few auth provider hooks and I'm interested in seeing what happens to them with all of this. but here I'll agree - an error condition is nice to have. additonally, though, chaining providers together with DECLINED conditions is really useful. I haven't looked closely enough to see whether this can be accomodated, but it's nice to have and returning DENIED isn't intuitive in this case. fwiw --Geoff
