Mild preference for Option 2 or 3. Current implementers reading this list will obviously be able to implement it right either way, but Opt1 would be more painful for people making clean implementations 4 months from now.
"That SP claimed to be 1.0, but the callback is missing the mandatory oauth_verifier param that I see in the spec...?" "That OAuth 1.0 Consumer just asked for a Request Token, but it forgot the required oauth_callback param in the spec...?" I.e. any new implementations against OAuth 1.0 A would need to do archeological work in the SVN repository to handle all other "1.0" peers, or to unambiguously tell which are 1.0a vs. 1.0. We'd make their lives easier by making the signaling unambiguous and explicit on the wire via either oauth_version or some other explicit and documented parameter. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
