Additionally, due to security concerns (highlighted by Blaine earlier in the thread) I never implemented the oauth_callback in the authorize phase of the flow, and I doubt I will implement it as outlined in the new spec. For this reason, I really don't want to be using a field that I ignore as the switch to indicate whether I should be using 1.0 or 1.0a.
On May 1, 1:11 pm, David Parry <[email protected]> wrote: > As a Service Provider, I want to be able to run both 1.0 and 1.0a (or > 1.1) concurrently for a period of time while my consumers implement > the new version. Then disable 1.0 and return an error if a consumer > attempts to use the old version. > > At least to me, this provides the easiest and most fail safe migration > path for all parties. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
