I would prefer it to have a value - for .net the usual way of accessing the form and querystring parameters returns null if the parameter is not there or has no value. To implement an empty value we would have to make two checks to see if the key is present and then check to see if it has a value. I know it's not a big deal but it can lead to bad implementations. "oob" seems perfectly valid to me.
I would prefer the version to be used to identify what flow is in use - have to agree with David Parry that it makes it a lot cleaner to identify if the consumer has sent a version 1.0 request or they are attempting an invalid 1.1/1.0a request. But to enforce this the spec would need to be updated to make the oauth_version parameter mandatory in all requests. I don't think this would be a big leap though as I would have thought that most implementations already include this parameter as standard. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---