This was in an early draft. The callback included a parameter that told the client if access was granted or not. It was dropped because most people thought it wasn't needed. Adding another request (access token) isn't that significant for the cases where access was not granted.
EHL

On 4/28/09 1:40 PM, "Jesse Myers" <[email protected]> wrote:

Upon receiving the callback, the Consumer should try to get an Access Token. You should return a 401 to indicate that authorization was denied.

On Tue, Apr 28, 2009 at 1:30 PM, Mike Williams <[email protected]> wrote:
>
> On 28/04/2009, at 9:45 PM, J. Adam Moore wrote:
>
>>> How does one typically indicate, in the authorization callback,
>>> whether the Request Token was approved or denied?
>
>> I think you send a 401 error...
>
> Er, sorry, perhaps my question was unclear. Authorization of a
> request token is an exchange between User and Service Provider. After
> a rejected authorization, I want to notify the Consumer that it was
> rejected, and the spec suggests that it "MAY" be done by invoking the
> callback. What I want to know is, how should I let the Consumer know
> the token was rejected vs approved?
>
> --
> cheers,
> Mike Williams
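The exchange described in this thread, as an added example that is not part of the original messages: the callback carries no verdict, so the Consumer requests an Access Token and treats a 401 as a denial, while keeping Service Provider faults and network failures separate from a User's decision. The stub provider, the token names and `handle_callback` are constructed for illustration, and the OAuth signature parameters a real request carries are omitted.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed state: Request Tokens known to the stub Service Provider and
# whether the User approved each one on the authorization page.
REQUEST_TOKENS = {"rt-approved": True, "rt-denied": False}

class StubProvider(BaseHTTPRequestHandler):
    """Access Token endpoint: 200 for an approved Request Token, else 401."""
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        token = form.get("oauth_token", [""])[0]
        if REQUEST_TOKENS.get(token):
            status, body = 200, b"oauth_token=at-1&oauth_token_secret=s3cr3t"
        else:
            status, body = 401, b"authorization denied"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_stub_provider():
    server = HTTPServer(("127.0.0.1", 0), StubProvider)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/access_token"

def handle_callback(request_token, access_token_url):
    """Consumer side: the callback says nothing, so ask the Service Provider."""
    data = urllib.parse.urlencode({"oauth_token": request_token}).encode()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(access_token_url, data, timeout=5) as resp:
            return "approved", dict(urllib.parse.parse_qsl(resp.read().decode()))
    except urllib.error.HTTPError as err:
        # 401 is the User's rejection; any other status is a provider fault.
        return ("denied" if err.code == 401 else "error"), None
    except urllib.error.URLError:
        return "error", None  # network failure is not a denial

if __name__ == "__main__":
    server, url = start_stub_provider()
    for rt in REQUEST_TOKENS:
        print(rt, handle_callback(rt, url)[0])
    server.shutdown()
```
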
