Yes, it does. If a server receives a request token request from a client that does not include a callback_url, the server can respond with a 400 (Bad Request) and, if you want to be more helpful say something in the body like: "Incompatible OAuth flow. This server only supports 1.0a, see <link to new spec>"
On Thu, Apr 30, 2009 at 5:59 PM, David Parry <[email protected]> wrote: > I don't have a problem with that, it makes perfect sense. > > But the proposed spec doesn't provide any method by which to deprecate > the old broken 1.0 functionality and convey that to the consumer that > is making the request. -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
