Actually, I would go even further: Provide a list of different ways of
redirecting and address each of them, or at least each class of
redirects with the same characteristics.
Igor
Anthony Nadalin wrote:
The OAuth spec is somewhat silent about how a resource provider should
perform a redirect as there are many ways to accomplish the redirect.
We also discovered that since the HTTP specifications were somewhat
vague on fragments that some HTTP client implementations strip the
fragment, we have the case in our implementation of WinINET.
So would like to propose that wording be added in 2.1.1 to the effect
that “There are many ways to perform the redirection and the fact that
some HTTP client implementations strip the fragment so take this into
consideration when choosing a redirect technology.” It might be also
good to add an example of a different style redirect as I believe all
the samples use 302 .
------------------------------------------------------------------------
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
