Issue Type: Improvement Created: 2008-07-19T10:56:31.000+0000 Last Updated: 2012-11-20T20:53:15.000+0000 Status: Closed Fix version(s): Reporter: Mike Coakley (mcoakley) Assignee: None Tags: - Zend_OpenId
Related issues: Attachments:
In the Zend_OpenId_Provider::handle method there is a return value of "TRUE" for both checkid_immediate & checkid_setup modes in the event that _checkId fails AND there isn't an openid_return_to passed to the handle method. I find this non-informative. I would think it best to return the values received from the _checkId method which the calling process can use to report back to the user that the process failed and could not be recovered properly. Even if the calling process doesn't want to be this informative to the end user at it is an option. By getting a TRUE value back the recommended process that should have happened (if the openid_return_to parameters was present) cannot even be assumed.
I've changed this in my code to simply return $ret instead of TRUE.
Posted by Dmitry Stogov (dmitry) on 2008-12-01T03:02:05.000+0000
According to OpenId specification http://openid.net/specs/…, 9.1 Request Parameters, the missing "return_to" means "that the Relying Party does not wish for the end user to be returned".
The Zend_OpenId_Provider::handle() for authentication requests never returns in case of success and "return_to" set, but returns true or false in case of missing "return_to". True means authentication success and false - failure.
I don't see why it should return authentication details, and how provider can use them.
Posted by Rob Allen (rob) on 2012-11-20T20:53:15.000+0000
Bulk change of all issues last updated before 1st January 2010 as "Won't Fix".
Feel free to re-open and provide a patch if you want to fix this issue.
Have you found an issue?
See the Overview section for more details.