On May 6, 2009, at 11:49 AM, Brian Eaton wrote: [...]
> However, existing clients have hardcoded callback URLs on their > approval URLs. If the consumer code can detect that the service > provider supports OAuth 1.0a, it can automatically correct that > problem by stripping the callback URL off the approval URL. If the > consumer code can't detect service provider version, then we're going > to end up in situations where different callback URLs are sent on both > the request token step and the approval step. Wouldn't the consumer detect that the SP supports the new flow by seeing that there is the callback_accepted parameter on the initial SP response? If not, it can repeat the request with the old flow. - johnk --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
