Version 3, where the string literal is supposed to be interpreted as "manual entry or out-of-band" exchange of the callback token.
Version 1 is already supported. There is interest to support some form of manual entry (for instance, SPs could give less stern warnings for such desktop apps). On Fri, May 1, 2009 at 1:43 AM, Blaine Cook <rom...@gmail.com> wrote: > > We need to gain some consensus around the value (or lack thereof) that > should be used for the oauth_callback parameter that is sent from the > consumer to the service provider when obtaining the request token in > the new flow. Our options: > > 1. None. Applications that cannot receive callbacks (or that have > static callback endpoints) should be configured as such in an > out-of-band flow, along with the service provider issues the consumer > key and secret. > 2. String literal "none" > 3. String literal, other than "none" > > I have omitted "oob" explicitly since it seems as though there was a > lot of confusion around it. However, there is the option for a > different string literal. I'd also like to hear from library authors > whose voices have not been present in the discussions over the past > week. Please indicate your preferred option as soon as possible. > > b. > > > > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---