On Tue, May 5, 2009 at 10:43 PM, Eran Hammer-Lahav <[email protected]> wrote:
> This seems to suggest the client needs a way to detect which version the
> server is using. How about checking the documentation? We don't have
> discovery yet which is going to solve the flow versioning problem. I am not
> sure what use case you are trying to solve.

Use case is consumers and service providers trying to transition to OAuth 1.0a in parallel without creating downtime or needing to "all hold hands and jump together". Reading documentation is not an option for that. "Discovery" in the sense of downloading a bunch of information about a service provider is massive overkill. We just need a way to detect that both consumer and SP support callback tokens.

My specific concern is around the OAuth consumer implementation in Shindig. It hides details of the OAuth protocol from clients, which people have appreciated. (Supporting problem reporting and session extension have been completely transparent to application code, for example.) I'd like to continue to do that with the transition from OAuth 1.0 to 1.0a. However, existing clients have hardcoded callback URLs on their approval URLs. If the consumer code can detect that the service provider supports OAuth 1.0a, it can automatically correct that problem by stripping the callback URL off the approval URL.

If the consumer code can't detect service provider version, then we're going to end up in situations where different callback URLs are sent on both the request token step and the approval step. It won't surprise me in the least if that breaks service providers. It looks exactly like an attack.
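
The correction described in the message above, as an added example (not part of the original post and not Shindig code): the consumer inspects the request-token response and strips a hardcoded `oauth_callback` from the approval URL only when the service provider signals 1.0a. It assumes the `oauth_callback_confirmed=true` response parameter from the published OAuth 1.0a specification (section 6.1.2) as the detection signal, which this message does not name; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit


def sp_confirms_callback(token_response_body: str) -> bool:
    """True only if the request-token response carries exactly one
    oauth_callback_confirmed parameter with the literal value "true"."""
    params = parse_qs(token_response_body, keep_blank_values=True)
    # Duplicated or differently-cased values are treated as "not confirmed",
    # so an ambiguous response falls back to OAuth 1.0 behaviour.
    return params.get("oauth_callback_confirmed") == ["true"]


def approval_url(configured_url: str, token_response_body: str) -> str:
    """Build the user-approval URL from an application-configured URL that
    may contain a hardcoded oauth_callback (hypothetical helper)."""
    tokens = parse_qs(token_response_body).get("oauth_token", [])
    if len(tokens) != 1:
        raise ValueError("request-token response must carry one oauth_token")

    parts = urlsplit(configured_url)
    query = parse_qsl(parts.query, keep_blank_values=True)

    if sp_confirms_callback(token_response_body):
        # 1.0a provider: the callback was bound at the request-token step.
        # Sending a second one on the approval step is the mismatch the
        # message warns about, so drop the hardcoded copy.
        query = [(k, v) for k, v in query if k != "oauth_callback"]

    # Never let a stale oauth_token in the configured URL shadow the new one.
    query = [(k, v) for k, v in query if k != "oauth_token"]
    query.append(("oauth_token", tokens[0]))
    return urlunsplit(parts._replace(query=urlencode(query)))


# Constructed sample inputs (not captured traffic).
CONFIGURED = ("https://sp.example/authorize"
              "?oauth_callback=https%3A%2F%2Fapp.example%2Fcb&hl=en")
BODY_10A = "oauth_token=reqtok&oauth_token_secret=s3cr3t&oauth_callback_confirmed=true"
BODY_10 = "oauth_token=reqtok&oauth_token_secret=s3cr3t"

if __name__ == "__main__":
    print("1.0a provider:", approval_url(CONFIGURED, BODY_10A))
    print("1.0 provider: ", approval_url(CONFIGURED, BODY_10))
```
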
