Dirk Balfanz wrote:
>
> Oh I see. Ok. I'll make a new revision of the spec where I add a
> required parameter (the consumer key) to the auth request.
>
Cool, thanks!

> What should the spec recommend the OP should do if the consumer key
> and realm don't match? Return a cancel? Return something else?
>
I'd recommend an error consistent with Section 8.2.4 in the OpenID 2.0 spec, with a new error_code value indicating that either the CK or the realm was invalid. There may actually need to be 2 errors, one to indicate that the CK is invalid, and another to indicate that the CK is not valid for the realm.

http://openid.net/specs/openid-authentication-2_0.html#anchor20

Allen
