+1 On Sun, May 3, 2009 at 4:06 AM, Eran Hammer-Lahav <[email protected]>wrote:
> > We seem to be spending a lot of time on the question of how providers > supporting both flows can tell which flow is being used. If they simply > offer a new set of 3 endpoints: request token, authorize, and access token, > this entire problem goes away. It also removed the need to make the > oauth_callback mandatory in the new flow, or use literal strings to indicate > out-of-band. > > New flow endpoints - always requires verification code to get access token, > which is delivered using a callback is available (via the parameter or > registration), otherwise manually. > > Old flow endpoints - broken business as usual with scary language. > > This leaves all the actual API endpoints untouched, unchanged, unbroken. > Any existing code will need to change to use the new flow which means it can > as easily point to new endpoints. This is also consistent with how the > discovery proposal works (which shows it is not a new idea). > > New providers have no reason to support the old flow. This is really only > about 30 or so providers with OAuth endpoints *today*. > > Why not? > > EHL > > > > > > -- darren bounds [email protected] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
