The spec is largely silent on how the service provider notifies the consumer that the user denied access. A possible solution would be to pass OAuth Problem Reporting values (http://oauth.pbworks.com/ProblemReporting) to the callback URL, without a verifier, like this:
http://calback/url?oauth_problem=permission_denied

On Sun, Feb 21, 2010 at 9:11 AM, Mahesh Venkat <mhven...@gmail.com> wrote:
> Hi,
>
> I recently implemented the 3-legged oauth as per the OAuth 1.0a specs.
> During the implementation I am finding some gaps in the specs for error
> scenarios.
> We have oauth_callback url to redirect the user to the consumer app after a
> successful user authorization. There are a number of exception cases where I
> am not sure what the oauth specs are:
>
> 1. What is the user interface or oauth interface, if the user denies
>    the authorization?
> 2. If there is system failure in presenting the authorization page to
>    the user, should the service provider redirect to the same oauth_callback
>    url of the consumer?
> 3. When the service provider receives a request for user authorization
>    using the 'unauthorized' request token, if the token is invalid or expired
>    should the service provider redirect to the oauth_callback url or send a
>    404 error?
>
> Appreciate your response.
>
> --
> Regards
> --Mahesh
>
> --
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To post to this group, send email to oa...@googlegroups.com.
> To unsubscribe from this group, send email to
> oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>.
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
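
A consumer-side handler for the callback convention suggested in the reply above, as an added example that is not part of the original thread. The function name, the allow-list and the sample URLs in the test are assumptions; only `oauth_problem=permission_denied` comes from the thread.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Assumption: a local allow-list of OAuth Problem Reporting values this
# consumer understands. Only permission_denied appears in the thread.
KNOWN_PROBLEMS = {"permission_denied", "token_expired", "token_rejected"}

def classify_callback(url, pending_token):
    """Classify a request to oauth_callback.

    pending_token is the request token saved in the user's session before
    the redirect. Returns (outcome, detail), where outcome is one of
    'authorized', 'denied', 'provider_error' or 'invalid'.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # A repeated parameter is ambiguous: refuse instead of picking one.
    if any(len(values) != 1 for values in params.values()):
        return ("invalid", "duplicate parameter")
    q = {name: values[0] for name, values in params.items()}
    problem = q.get("oauth_problem")
    token = q.get("oauth_token")
    verifier = q.get("oauth_verifier")

    if problem is not None:
        # The proposal sends the problem *without* a verifier; a request
        # carrying both is malformed and must not reach token exchange.
        if verifier is not None:
            return ("invalid", "oauth_problem with oauth_verifier")
        # The value is attacker-controllable input: map it to a fixed
        # string instead of echoing it into pages or logs.
        if problem not in KNOWN_PROBLEMS:
            return ("provider_error", "unrecognized")
        if problem == "permission_denied":
            return ("denied", problem)
        return ("provider_error", problem)

    # Success path (OAuth 1.0a): both oauth_token and oauth_verifier are
    # required, and the token must be the one this session started with.
    if not token or not verifier:
        return ("invalid", "missing oauth_token or oauth_verifier")
    if pending_token is None or not hmac.compare_digest(
            token.encode(), pending_token.encode()):
        return ("invalid", "token does not match session")
    return ("authorized", verifier)
```

A denial callback in this form carries nothing that ties it to a particular request token, so the consumer should treat it only as a reason to abandon the pending flow, never as input to any further provider call.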