On Mon, Nov 24, 2008 at 10:14 AM, Joseph Smarr <[EMAIL PROTECTED]> wrote: > It's hard to see how to avoid this problem, other than a) not to ever change > URL structure of OAuth provider URLs, or b) have consumers watch for 302s > and recompute their signature and re-send the request if they see one. In > general, both seem infeasible in practice, so I think at best we should > document this as a "known gotcha" to look for when debugging code.
Google calendar OAuth endpoints need to send 302s on occasion, so we ran into this problem as well. We went with option b: the consumer code looks for and signs redirect urls. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
