The OAuth spec section 6.2.3 states that "If the User denies access, the Consumer MAY be notified that the Request Token has been revoked." At first I was thinking that I would just flag the request token as being denied on the service provider and then when the consumer tries to swap tokens specify that the oauth_problem is permission_denied. But when the service provider redirects the user to the consumer callback URI, should I still pass the verifier parameter or not bother?
Is this the "right way" to let the consumer know the request has been denied?

Thanks,
Rich
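The approach described in the post, sketched as an added example that is not part of the original message or of any OAuth library: a hypothetical in-memory service provider that flags a request token as denied and answers the later token exchange with `oauth_problem=permission_denied`. The class, state names and callback URL are assumptions, request signing and consumer keys are omitted, and leaving `oauth_verifier` off the denial redirect is a choice made in this sketch, not something the post or the quoted spec text settles.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Hypothetical request-token states (assumed names, not from the spec).
PENDING, AUTHORIZED, DENIED = "pending", "authorized", "denied"

def problem(code):
    """401 response body carrying an oauth_problem value."""
    return 401, urlencode({"oauth_problem": code})

class Provider:
    def __init__(self):
        self.tokens = {}  # request token -> record

    def issue_request_token(self, callback):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = {"state": PENDING, "callback": callback, "verifier": None}
        return token

    def user_decision(self, token, approved):
        """Record the user's choice and return the callback redirect URL."""
        rec = self.tokens[token]
        if rec["state"] != PENDING:
            raise ValueError("request token already decided")
        params = {"oauth_token": token}
        if approved:
            rec["state"] = AUTHORIZED
            rec["verifier"] = secrets.token_urlsafe(16)
            params["oauth_verifier"] = rec["verifier"]
        else:
            # Sketch's choice: a denied token never gets a verifier minted.
            rec["state"] = DENIED
        sep = "&" if urlsplit(rec["callback"]).query else "?"
        return rec["callback"] + sep + urlencode(params)

    def exchange(self, token, verifier):
        """Access token endpoint: returns (HTTP status, form-encoded body)."""
        rec = self.tokens.get(token)
        if rec is None:
            return problem("token_rejected")
        if rec["state"] == DENIED:
            # Denial is checked first, so no supplied verifier can override it.
            return problem("permission_denied")
        if rec["state"] == PENDING:
            return problem("permission_unknown")
        if not verifier or not secrets.compare_digest(
                verifier.encode(), rec["verifier"].encode()):
            return problem("parameter_rejected")
        del self.tokens[token]  # request tokens are single use
        return 200, urlencode({"oauth_token": secrets.token_urlsafe(16),
                               "oauth_token_secret": secrets.token_urlsafe(16)})
```

Because the denied state is tested before the verifier, the exchange fails closed whether or not the consumer sends a verifier value.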