Issues

ZF-3688: In the Zend_OpenId_Provider::handle function responses received by _checkId are lost

Description

In the Zend_OpenId_Provider::handle method there is a return value of "TRUE" for both checkid_immediate & checkid_setup modes in the event that _checkId fails AND there isn't an openid_return_to passed to the handle method. I find this non-informative. I would think it best to return the values received from the _checkId method, which the calling process can use to report back to the user that the process failed and could not be recovered properly. Even if the calling process doesn't want to be this informative to the end user, at least it is an option. By getting a TRUE value back, the recommended process that should have happened (if the openid_return_to parameter was present) cannot even be assumed.

I've changed this in my code to simply return $ret instead of TRUE.

Thanks,

Mike

Comments

According to the OpenId specification http://openid.net/specs/…, 9.1 Request Parameters, the missing "return_to" means "that the Relying Party does not wish for the end user to be returned".

Zend_OpenId_Provider::handle(), for authentication requests, never returns in case of success with "return_to" set, but returns true or false in case of a missing "return_to". True means authentication success and false means failure.

I don't see why it should return authentication details, or how the provider can use them.

Bulk change of all issues last updated before 1st January 2010 as "Won't Fix".

Feel free to re-open and provide a patch if you want to fix this issue.