> From Eran's summary of the proposal there are three ways to close the loop: > > (1) Verifier + Callback > (2) Verifier + Manual entry > (3) No verifier + manual 'continue' > > The options for the SP would be: > > oauth_callback in 1st step: > > - Present with value - do (1) > - Present with empty value - do (2) > - Not included in request - do (3) > > oauth_callback in 2nd step: > > - Present and wasn't in 1st step - do (3) (or give error if deprecated) > - Present in both 1st and 2nd steps - error > - Not included in redirection - do (3) >
This would break the web flow for 1.0 (non Rev. A) consumers. You could ask at consumer provisioning whether it's a web or desktop app. In that case this would essentially be the same as the "disallow callbacks for desktop apps" option. Mike --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
