Section 6.2.3 states: "The callback URL MAY include Consumer provided query parameters. The Service Provider MUST retain them unmodified and append the oauth_token parameter to the existing query."
That last sentence should probably include oauth_verifier for consistency: "...retain them unmodified and append the oauth_token and oauth_verifier parameters to the existing query." My real question: Can the consumer's custom params be added after the request token step? (i.e. having not been included in the RT's oauth_callback) Eric On May 12, 4:10 pm, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > Please review: > > http://oauth.googlecode.com/svn/spec/core/1.0a/drafts/3/oauth-core-1_... > > Change log: > > http://code.google.com/p/oauth/source/diff?spec=svn997&old=994&r=997&... > > The changes are: > > 1. Changed draft designation from discussion to implementer. > 2. Added author, added 'Editor' designation. > 3. IMPACT: Added required response parameter 'oauth_callback_confirmed=true' > in 6.1.2. > 4. Language changes in 6.2.3 (no impact). > 5. Moved Security Considerations appendix to new section 11. > 6. Added three new security considerations: 11.14-16. > > * Deadline for feedback is May 25th. > * This is expected to be the last draft. > > EHL --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---