Would failing to get a Request Token because of missing oauth_callback parameter in the request satisfy you requirement?
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Brian Eaton > Sent: Monday, May 04, 2009 11:22 AM > To: [email protected] > Subject: [oauth] Re: Security Fix Charter > > > On Mon, May 4, 2009 at 11:14 AM, Eran Hammer-Lahav > <[email protected]> wrote: > > > > Clients are always limited to what the server decides to support. If > a server > > only supports 1.0a, the client has no other options. So as long as > servers > > support both versions, clients will be able to use both versions... > or am > > I missing something? > > Some of the proposals discussed allow consumers to automatically > detect the server version and do the right thing. > > Other proposals make that impossible, or difficult, or slow. > > I am strongly in favor of mechanism that make automatic detection easy > and fast. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
