On 4/30/09 7:19 AM, Blaine Cook wrote: > Looks good, with the exception of the 'oob' value – why not just say > that an empty OR absent callback parameter fulfills the same role as > 'oob'? There are also plenty of service providers that require static > configuration of the callback, and in those cases the callback > parameter would be absent when obtaining the request token.
I'm guessing Eran's concern was being able to differentiate between a 1.0 consumer vs. a 1.0A consumer. Having an absent callback parameter could be either. The rationale of sending a magic string like "oob" because "we can't trust that the consumer and/or server's HTTP implementation to not be BROKEN when handling empty parameters" irks me, but I didn't feel like arguing about it. If I were king, I'd say that an empty callback parameter is required for 1.0A consumers, and absent signifies 1.0 consumers. Really, why not bump the version to 1.1? Is there real magic behind the version number? What's the point of versioning the protocol if revving it is painful? -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---