Hey Paul, It'd be great to collect these learnings and design rationales in an FAQ...
It could/should live here: https://wiki.oauth.net/FAQ Alternatively, each question that your colleague asked could be entered into our Satisfaction forum and then answered, so that a discussion could emerge on each topic: http://getsatisfaction.com/oauth If you take that approach, I could simply take a Satisfaction widget and put it on an oauth.net FAQ page (my preference). Let me know. Chris On Thu, Jul 23, 2009 at 11:14 AM, Paul Lindner <lind...@inuus.com> wrote: > Hi, > Recently a colleague who is starting an implementation of OAuth asked me > many questions about the design rationale of many of the steps involved in > the OAuth protocol. I found a number of mailing list threads discussing the > importance of each step and why it is present. If there's interest I can > consolidate them into an FAQ. > > There was one suggestion that my colleague presented that I did not find an > answer for: > > * Can one skip the access token exchange step and instead have the access > token and access secret communicated to the consumer via the callback URL? > > (assuming OAuth 1.0a with signed callback URLs) > > Thanks > Paul > > > > > -- Chris Messina Open Web Advocate Personal site: http://factoryjoe.com Twitter: http://twitter.com/chrismessina Diso Project: http://diso-project.org OpenID Foundation: http://openid.net This email is: [ ] bloggable [X] ask first [ ] private --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
