On Aug 9, 2010, at 08:37 , Taylor Singletary wrote:
> As a reminder, it's proper OAuth to always send an oauth_callback on the
> request token step of OAuth negotiation -- even if you've preregistered a
> callback or are using the PIN code/out-of-band flow (in which case you would
> send oauth_callback=oob).
Taylor,
As a user of xauth, I do not currently send "oauth_callback=oob". I
think this is because xauth does not participate in the negotiation for a
temporary credential. (See: <http://tools.ietf.org/html/rfc5849> section 2.1.).
Is this your understanding? Or do xauth users need to include this callback in
our request for our permanent access token?
Anon,
Andrew
____________________________________
Andrew W. Donoho
Donoho Design Group, L.L.C.
a...@ddg.com, +1 (512) 750-7596
"We did not come to fear the future.
We came here to shape it."
-- President Barack Obama, Sept. 2009
