On Mon, Feb 1, 2010 at 8:11 PM, John Kristian jmkrist...@gmail.com wrote:
In theory, a service provider could handle a change of consumer
credentials, and continue to accept access tokens that it issued to
that consumer previously. But that seems dangerous. If the consumer
credentials were
My group is evaluating OAuth as a possible technology. I need some
information though. Some of the questions I think I know the answer to,
but I want to hear it from people active in the community.
* Version 1.0a is the current standard. 2.0 is in the wings. When? Will
it be backwards
Blaine,
Thanks for your clarification.
I think the key point you bring up is still missing from the spec:
server-side implementations should only allow requests that are made
with an access token and the consumer key that was used to issue the
access token.
If I as a consumer just assume