On Thu, Apr 30, 2009 at 9:44 AM, Eran Hammer-Lahav <[email protected]> wrote: > Present with empty value - display verifier to user and require to exchange > tokens
I do not see how an empty value is an improvement from a non-valid URI. It may not cause problems, but we don't know that. Let's play safe and if people are unhappy with 'oob', then say 'outofband' or something. Not included in request token request seems not an option for clients that expect a verifier, if we expect SPs will have a period of handling both flows. -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
