The consumer's developer will quickly find out they need to upgrade when their users starting complaining its not working. It's probably also a good idea for SPs to give their consumers a heads up that they are closing support for the old 1.0 spec.
On Thu, Apr 30, 2009 at 7:59 PM, David Parry <devb...@gmail.com> wrote: > > I don't have a problem with that, it makes perfect sense. > > But the proposed spec doesn't provide any method by which to deprecate > the old broken 1.0 functionality and convey that to the consumer that > is making the request. > > > On May 1, 10:54 am, Jonathan Sergent <serg...@google.com> wrote: > > Incrementing oauth_version is a mistake unless you want to ensure that no > > compatibility occurs - if a server gets a request that is newer than what > it > > supports, it probably needs to reject the request. > > > > On Thu, Apr 30, 2009 at 5:43 PM, David Parry <devb...@gmail.com> wrote: > > > > > Not incrementing the oauth_version for the new spec is a mistake imho. > > > > > It seems kinda flaky to me to switch between the specs 1.0/1.0a purely > > > based on whether the oauth_callback is sent when a consumer obtains a > > > request token. > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---