OAuth Core doesn't specify, as far as I know. I think the service provider should send an access token to the consumer, assuming all goes well. It might send the same access token it previously sent to the same user/consumer pair. The service provider might not ask the user for authorization.
It seems strange for the consumer to revoke access. It would be more effective for the service provider to revoke access. On Apr 3, 7:20 am, Garrison Locke <[email protected]> wrote: > I was hoping someone might be able to clear up something for me with > regards to an OAuth scenario. > > Let's say a user has granted access for a consumer to use a service, > and then, in the consumer application, revokes the access. > > The user then tries to regain access by going through the request > token -> authorize -> access token process, but is presented with an > error because the service thinks they already have access. > > What's the correct behavior in this situation? Should the service > provider always start the process over if a new request token is > requested even if they've previously authorized the consumer to > utilize the service? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
