Maybe the spec should have a section on "Implementation Guidelines" and sub-sections for both SPs and consumers.
On Thu, Apr 30, 2009 at 2:00 PM, Luca Mearelli <luca.meare...@gmail.com>wrote: > > On Thu, Apr 30, 2009 at 7:55 PM, Blaine Cook <rom...@gmail.com> wrote: > > In cases where callbacks are not supported, there should never be the > > option to flip back and forth. Either the application supports > > callbacks, or it doesn't, end of story. > > agreed, this is the most secure way. > Do you think this is something that belongs to the spec (as in: be the > required behavior) ? > > Luca > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---