On May 5, 9:08 pm, Brian Eaton <[email protected]> wrote:
> On Tue, May 5, 2009 at 7:15 PM, Josh Roesslein <[email protected]> wrote:
> > We would either have to increment the wire version OR the SP would have to
> > use different end points for the two flows.
>
> WTF? No.
>
> Just pass *one* extra bit of data in the request token step "do you
> support callback tokens?" and get back *one* extra bit of data in the
> request token response "yes".
I'd agree. If the consumer gets back a HTTP 401 with "missing required
field" for callback_url on the get_request_token call, he *must*
understand that the provider supports the updated spec *only*. I do
not see why would anyone stick to supporting the old version at this
point - plus, the old spec implementation has to be EOL'd sooner or
later anyway.
-cheers,
Manish
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
