How 1.0a should deal with 1.0 is outside the scope of the spec. The only thing 
we need to make sure is that a 1.0a server can detect which flow the client is 
trying to use, and make its own decision on how to handle it.

The best tool we have is the oauth_callback parameter in the first step. We 
need to accommodate 2 cases for it, callback and manual entry.

Given the fact that people rarely actually read the authorization pages, I am 
reluctant to support a mode for no verifier, even if the server gives strong 
warnings about this being a desktop application.

The two questions are:

- How can a server know which flow is being used?

The server looks for an oauth_callback in the 1st step. If one is present 
(regardless of value), it is the new flow. If none is present, it is the old 
flow. The server will need to decide what to do with an old flow and it will not 
be addressed by the specification (maybe in a short appendix).

- How can a server know if the verification token should be delivered via a 
callback or manually?

The server looks for the value of the oauth_callback parameter in the first 
step. If the value is empty/some-string, it knows to deliver the verification 
code manually.

The decision between an empty callback or a fixed string is still open and I 
would like to ask more people to chime in.

EHL


On 4/30/09 11:22 AM, "Blaine Cook" <rom...@gmail.com> wrote:



On Thu, Apr 30, 2009 at 7:08 PM, Mike Malone <mjmal...@gmail.com> wrote:
> I don't know, is it? I was under the impression that the rev was designed to
> preserve backwards compatibility and leave the decision up to SPs.

Right; (I think) the 1.0 consumers will only break if an SP has
upgraded to 1.0a/1.1 or whatever we call the new version.

b.
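
The flow detection described in the message above, sketched as an added example that is not part of the original thread or of any OAuth library. It shows the pitfall of telling an absent oauth_callback apart from a present-but-empty one. Assumptions: the names `classify_flow` and `MANUAL_SENTINEL`, the sentinel value, the `old_flow_policy` string, and the duplicate-parameter rejection are all hypothetical choices made for illustration.

```python
from urllib.parse import parse_qs

# Assumed fixed string for manual entry. The thread leaves "empty vs. fixed
# string" undecided, so this sketch accepts either form.
MANUAL_SENTINEL = "oob"


def classify_flow(encoded_params: str, old_flow_policy: str = "reject") -> str:
    """Classify a request-token call from its form-encoded parameters.

    Returns "callback", "manual", or "old-flow:<policy>" when no
    oauth_callback was sent (the server's own decision, out of spec scope).
    """
    # keep_blank_values=True matters: by default parse_qs silently drops
    # "oauth_callback=", which would make a new-flow client asking for
    # manual entry look like an old-flow client.
    params = parse_qs(encoded_params, keep_blank_values=True)
    values = params.get("oauth_callback")

    if values is None:
        # Parameter absent: old flow. Policy is local to the server.
        return "old-flow:" + old_flow_policy
    if len(values) > 1:
        # Added defensive check: an ambiguous request is refused rather
        # than guessing which value the client meant.
        raise ValueError("oauth_callback supplied more than once")

    value = values[0]
    if value == "" or value == MANUAL_SENTINEL:
        return "manual"      # show the verification code to the user
    return "callback"        # deliver the verification code via redirect


if __name__ == "__main__":
    # Constructed sample requests (not captured traffic).
    samples = [
        "oauth_consumer_key=k&oauth_nonce=n1",
        "oauth_consumer_key=k&oauth_nonce=n2&oauth_callback=",
        "oauth_consumer_key=k&oauth_nonce=n3&oauth_callback=oob",
        "oauth_consumer_key=k&oauth_callback=https%3A%2F%2Fclient.example%2Fcb",
    ]
    for s in samples:
        print(f"{classify_flow(s):<18} <- {s}")
```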



