On Aug 9, 2010, at 08:37 , Taylor Singletary wrote: > As a reminder, it's proper OAuth to always send an oauth_callback on the > request token step of OAuth negotiation -- even if you've preregistered a > callback or are using the PIN code/out-of-band flow (in which case you would > send oauth_callback=oob).
Taylor, As a user of xauth, I do not currently send "oauth_callback=oob". I think this is because xauth does not participate in the negotiation for a temporary credential. (See: <http://tools.ietf.org/html/rfc5849> section 2.1.). Is this your understanding? Or do xauth users need to include this callback in our request for our permanent access token? Anon, Andrew ____________________________________ Andrew W. Donoho Donoho Design Group, L.L.C. a...@ddg.com, +1 (512) 750-7596 "We did not come to fear the future. We came here to shape it." -- President Barack Obama, Sept. 2009