On May 2, 2:19 am, Brian Eaton <[email protected]> wrote: > On Fri, May 1, 2009 at 1:43 AM, Blaine Cook <[email protected]> wrote: > > 1. None. Applications that cannot receive callbacks (or that have > > static callback endpoints) should be configured as such in an > > out-of-band flow, along with the service provider issues the consumer > > key and secret. > > Just because the callback is preregistered doesn't mean an application > won't want to update it at runtime. For example, they might want to > add session state information or language preference information.
We allowed for this with our implementation by returning any additional Consumer query parameters that were provided in the authorize url. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
