[oauth] Redirecting a Consumer

2009-08-24 Thread John Kristian 

Do OAuth service providers redirect consumers?  I mean send HTTP
status code 301, 302, 303 or 307 in response to a request for a token
or access to a protected resource.  If the first request wasn't a GET,
should the consumer fail, send a GET or repeat the original method
(e.g. POST)?  If a consumer follows the redirect, should it generate a
new timestamp, nonce and signature for the new request?

I'd like to develop a Java library to make it easy to handle
redirection, but I'm not sure what it should do.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~--~~~~--~~--~--~---

[oauth] Re: Redirecting a Consumer

2009-08-24 Thread Tim Fletcher 

> Do OAuth service providers redirect consumers?

The Google Calendar API does.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~--~~~~--~~--~--~---