On Apr 17, 10:32 am, Breno <breno.demedei...@gmail.com> wrote: > Sorry, Eran, but it is not an authentication protocol. An > authentication protocol must be signed by the authenticator, not by > the authentication requester.
OMG YES! Can OAuth 1.1 _please_ fix this and make signing of the callback URL by the OAuth producer back to the consumer a REQUIRED part of the specification? Yes, I recognize that this may result in problems w/r/t URL length limits as all the values are passed as query parameters in a GET request, but it would be SO worth it. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---