On Thu, Apr 30, 2009 at 9:25 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > > Please review: > > http://oauth.googlecode.com/svn/spec/core/1.0a/drafts/1/oauth-core-1_0a.html > > I did my best to keep the changes to a bare minimum and to avoid any > editorial changes to make comparison trivial: > > http://code.google.com/p/oauth/source/diff?spec=svn992&old=991&r=992&format=unidiff&path=%2Fspec%2Fcore%2F1.0a%2Foauth-core-1_0a.xml
Looks good! In addition (or instead of) requiring the token and verifier to be suitable for manual entry "If the Service Provider knows a Consumer to be running on a mobile device or set-top box" , wouldn't be a sensible thing to require that every time the oauth_callback is set to "oob" as that ought to be a safe way to tell the consumer able to receive a callback from those that will require manual operations? It may remove a bit of uncertainty when dealing with different kinds of consumers... This would impact: - The wording in 6.2.3: "If the value of the oauth_callback parameter was oob, case sensitive, then the Service Provider SHOULD ensure that the generated Request Token is suitable for manual entry" - The note in 6.2.1: "If the the value of the oauth_callback parameter was oob, case sensitive, then the Service Provider SHOULD ensure that the User Authorization URL and Request Token are suitable for manual entry" - And it could be added to 6.1.2: "If the value of the oauth_callback parameter was oob, case sensitive, then the Service Provider SHOULD ensure that the generated Request Token is suitable for manual entry". what do you think? Luca --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---