Hi!
I would like to see this issue addressed in the next iteration of OAuth.
For one internal scenario in which we have deployed OAuth we have come up
with a solution in which apart from oauth_callback another error_callback
parameter is passed - in case of failure the user will be redirected to that
one instead.
Regards,
Lukas Rosenstock
2010/2/21 Mahesh Venkat mhven...@gmail.com
Hi,
I recently implemented the 3-legged oauth as per the OAuth 1.0a specs.
During the implementation I am finding some gaps in the specs for error
scenarios.
We have oauth_callback url to redirect the user to the consumer app after a
successful user authorization. There are a number of exception cases where I
am not sure what the oauth specs are:
1. What is the user interface or oauth interface, if the user denies
the authorization
2. If there is system failure in presenting the authorization page to
the user, should the service provide redirect to the same oauth_callback
url of the consumer?
3. When the service provider receives a request for user authorization
using the 'unauthorized' request token, if the token is invalid or expired
should the service provider redirect to the oauth_callback url or send a
404
error?
Appreciate your response.
--
Regards
--Mahesh
--
You received this message because you are subscribed to the Google Groups
OAuth group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to
oauth+unsubscr...@googlegroups.com oauth%2bunsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
--
http://lukasrosenstock.net/
--
You received this message because you are subscribed to the Google Groups
OAuth group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.