It looks like we have some inconsistencies in the way we parse OAuth and OAuth2.
Both definitions allow for missing elements: In OAuth1.0 , "Request", "Access" and "Authorization" can be empty In OAuth2.0, element "Authorization" and "Token" can be empty (Schema here: http://opensocial-resources.googlecode.com/svn/spec/2.0.1/Core-Gadget.xml#GadgetXmlSchema). However, when we parse gadget definitions that have OAuth1.0 with a missing element, we get a 500 error with "/OAuth/Service/Access is required". When we parse a OAuth2.0 definition with a missing element, the gadget renders just fine. Seems like we should be doing the same for both, if the specs are equivalent. (OAuth example with missing element: http://hosting.gmodules.com/ig/gadgets/file/109228598702359180066/oauth_no_acccess.xml) (OAuth2 example with missing element: http://hosting.gmodules.com/ig/gadgets/file/109228598702359180066/oauth2_no_auth.xml) So it is an error in the opensocial spec, or should the 1.0 implementation be modified to follow the spec? Thanks, -Igor
