Upon receiving the callback, the Consumer should try to get an Access Token. You should return a 401 to indicate that authorization was denied.
On Tue, Apr 28, 2009 at 1:30 PM, Mike Williams <[email protected]> wrote: > > On 28/04/2009, at 9:45 PM, J. Adam Moore wrote: > >>> How does one typically indicate, in the authorization callback, >>> whether the Request Token was approved or denied? > >> I think you send a 401 error... > > > Er, sorry, perhaps my question was unclear. Authorization of a > request token is an exchange between User and Service Provider. After > a rejected authorization, I want to notify the Consumer that it was > rejected, and the spec suggests that it "MAY" be done by invoking the > callback. What I want to know is, how should I let the Consumer know > the token was rejected vs approved? > > -- > cheers, > Mike Williams > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
