RE: [dotnetopenauth] Re: Improving how "No OpenID endpoint found" errors are reported

Andrew Arnott
May 15, 2012, 4:35:48 PM
to Richard Collette, dotnet...@googlegroups.com

That error message is the app's fault IMO -- not DNOA's. I'll explain.
When custom errors are turned off (an ASP.NET setting) you see these
nasty screens. And on this screen, ASP.NET shows the message of the
innermost exception. DNOA gives the user-friendly message in the
outermost exception and uses more technical terms on the inner ones.

Hope this helps.

Sent from my Windows Phone
From: Richard Collette
Sent: 5/15/2012 12:55 PM
To: dotnet...@googlegroups.com
Subject: [dotnetopenauth] Re: Improving how "No OpenID endpoint found"
errors are reported


<https://lh4.googleusercontent.com/-cY_AZZb96r8/T7K0iU-ID0I/AAAAAAAAD98/UEjVB0Uf3Bc/s1600/error.png>

Here's an example of a message that I wouldn't even consider user
friendly. What would be nice is if the exception included additional
contextual information (url, id, etc.)




On Sunday, May 13, 2012 7:51:00 PM UTC-4, Werner Strydom wrote:
>
> This message aims to get some consensus on error handling when an OpenID
> relying party tries to authenticate with an OpenID provider and the best means
> to modify DotNetOpenAuth to implement it. As for the latter, I'd appreciate
> some guidance.
>
> Assume that an OpenID relying party (https://rp.example.com) is trying to
> authenticate with an OpenID provider (https://op.example.com). Research
> at this point has highlighted the following potential issues when the RP
> wants to authenticate using the OP. If you know of additional ones, please
> let me know.
>
>
> - The host of the OP is incorrect, or it doesn't exist
> - The host of the OP is correct and the connection is dropped (as
> IIS/WCF does when the request is too large)
> - The host of the OP exists and never responds within a given time
> period
> - The host of the OP exists and returns HTTP Status 30x
> - The host of the OP exists and returns HTTP Status 400
> - The host of the OP exists and returns HTTP Status 401
> - The host of the OP exists and returns HTTP Status 403
> - The host of the OP exists and returns HTTP Status 404
> - The host of the OP exists and returns HTTP Status 500
> - The host of the OP exists and returns HTTP Status 503
> - The host of the OP exists and returns HTTP Status 504
> - The host of the OP exists, returns HTTP Status 200 but an invalid
> XRDS document
> - The host of the OP exists, returns HTTP Status 200, but no XRDS
> document
> - The host of the OP exists, returns HTTP Status 200, but the HTML
> returned does satisfy HTML discovery
>
>
> Some of these conditions may be temporary (such as HTTP status 503), others
> permanent (i.e. host doesn't exist). In any case, an appropriate exception
> should be thrown by DotNetOpenAuth so that the OpenID relying party can handle
> it accordingly.
>
> Here are some requirements for that exception:
>
> - The exception message should support localization
> - The OpenID relying party should be able to determine the underlying
> error without having to analyze the message.
> - The exception should be as comprehensive as possible, as it may be
> logged in isolation and may be the only source to diagnose an issue. This
> assumes that there are multiple OpenID relying parties and providers running
> on the same physical host.
> - Messages should not contain abbreviations as this poses problems for
> support personnel.
>
> The exception may encapsulate:
>
> - source of the request (https://rp.example.com/signin), to
> differentiate one OpenID relying party from another.
> - destination of the request (https://op.example.com), to
> differentiate one OpenID provider from another.
> - a correlation identifier to differentiate one flow from another
> - a reason to diagnose the issue
> - a corrective action, if possible
>
> Here are examples of messages that may be more appropriate:
>
> - When HTML discovery fails: "Failed to discover the OpenID provider
> endpoint using the HTML Discovery method at https://op.example.com/.
> The realm used trying to perform the discovery was
> https://rp.example.com".
> - When XRDS fails because the XRDS document is malformed: "Failed to
> discover the OpenID provider endpoint using XRDS discovery method at
> https://op.example.com/. The OpenID provider returned an XRDS document,
> but the document was malformed. The realm used trying to perform the
> discovery was https://rp.example.com.".
> - When the OP doesn't respond in a reasonable time: "Failed to
> discover the OpenID provider endpoint using XRDS and HTML discovery methods
> at https://op.example.com/. The OpenID provider did not respond within
> a reasonable time (00:00:10). The realm used trying to perform the
> discovery was https://rp.example.com."
>
> Does anyone have anything to add? If not, any suggestions how to best
> approach implementing it?
>
> Werner
>
> PS. Much of the same requirements may apply to other parts of the
> DotNetOpenAuth, such as OpenID provider and OAuth components.
>
>
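
An added example, not DotNetOpenAuth code and not written by anyone in this thread: a discovery exception that carries the context the thread asks for (reason, provider, realm, correlation identifier) as properties, with the user-facing text on the outermost exception and the technical detail on the inner one. Every type and member name below is hypothetical, and the retry classification is an assumption.

```csharp
using System;
using System.Net;

// Hypothetical types for illustration; none of these names exist in DotNetOpenAuth.
public enum DiscoveryFailureReason { HostNotFound, Timeout, HttpError, MalformedXrds, NoEndpointFound }

public sealed class DiscoveryFailedException : Exception
{
    public DiscoveryFailedException(DiscoveryFailureReason reason, Uri provider, Uri realm,
                                    HttpStatusCode? status = null, Exception inner = null)
        : base(string.Format("Failed to discover the OpenID provider endpoint at {0}. " +
            "The realm used trying to perform the discovery was {1}.", provider, realm), inner)
    {
        Reason = reason; Provider = provider; Realm = realm; Status = status;
        CorrelationId = Guid.NewGuid(); // ties one log entry to one sign-in flow
    }

    // Machine-readable context, so the relying party never has to parse Message.
    public DiscoveryFailureReason Reason { get; private set; }
    public Uri Provider { get; private set; }
    public Uri Realm { get; private set; }
    public HttpStatusCode? Status { get; private set; }
    public Guid CorrelationId { get; private set; }

    // Assumption: only timeouts and HTTP 503/504 are treated as worth retrying.
    public bool IsTransient
    {
        get { return Reason == DiscoveryFailureReason.Timeout
                  || Status == HttpStatusCode.ServiceUnavailable
                  || Status == HttpStatusCode.GatewayTimeout; }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inner exception standing in for a failed HTTP fetch.
        var inner = new WebException("The remote server returned an error: (503) Server Unavailable.");
        var ex = new DiscoveryFailedException(DiscoveryFailureReason.HttpError,
            new Uri("https://op.example.com/"), new Uri("https://rp.example.com/"),
            HttpStatusCode.ServiceUnavailable, inner);

        Console.WriteLine(ex.Message);                    // outermost: safe to show the user
        Console.WriteLine(ex.GetBaseException().Message); // innermost: the one the reply says ASP.NET displays
        Console.WriteLine("{0} transient={1} id={2}", ex.Reason, ex.IsTransient, ex.CorrelationId); // log line
    }
}
```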
