On Thu, Apr 30, 2009 at 6:00 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > > That's a matter for how servers handle their consumer keys and registrations. > If no oauth_callback is present in the first step (1.0a), a server can:
"If no oauth_callback is present" then the consumer is assumed as executing the 1.0 and not the 1.0 Rev.A protocol, in this case I do agree with the choices you give, but I think that services compliant with the new spec should always generate and expect the verifier (I agree with the use of a specific value to help detect the consumers that are not able to get a redirect) Luca --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---