Help get this topic noticed by sharing it on Twitter, Facebook, or email.

Version mismatch during OpenID stateless verification. Valid/Invalid?

In OpenID 2.0 specifications, there isn't any mention of the scenario for the following case:
- stateless verification is being performed
- initial yadis discovery occurs, and identity provider specifies OpenID version 2.0
- after authentication, when verification is being done, identity provider specifies OpenID 1.0.

From the provider's perspective, is this a valid operation to specify two different versions in the two stages?

From the RP's perspective, if the provider specifies two different versions in the two stages in a stateless verification, should it be accepted or rejected?
1 person has
this question
+1
Reply