- changed status to open
Session 4.2 - Define "error" return from OP iframe for syntax errors
Currently, session management allows only two return values from the OP postMessage – “changed” and “unchanged”. Implementers have asked me what they should do if the RP’s postMessage is malformed. For instance, what if it is not of the required format below? Client ID + " " + Session State
At first, I thought that such inputs should result in a “changed” return, but the problem with this is that it could cause an infinite loop of prompt=none requests to the server – a bad thing.
I’m increasingly thinking that an “error” return should be added for responding to malformed requests and that guidance should be given that “error” returns should be handed by the RP in a way that will not cause a potential infinite loop of prompt=none requests.
Comments (2)
-
-
reporter - changed status to resolved
Fixed
#930- Added "error" return from OP iframe to respond to syntactically invalid postMessage values received.→ <<cset 86c01b2aa1b3>>
- Log in to comment