No. That's what we are discussing... the need to add something like that. EHL
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Jonathan Sergent > Sent: Wednesday, May 06, 2009 9:48 AM > To: [email protected] > Subject: [oauth] Re: OAuth Core 1.0 Rev A, Draft 2 > > > The callback_accepted parameter isn't part of the draft spec, is it? > > On Wed, May 6, 2009 at 9:40 AM, John Kemp <[email protected]> wrote: > > > > On May 6, 2009, at 11:49 AM, Brian Eaton wrote: > > > > [...] > > > >> However, existing clients have hardcoded callback URLs on their > >> approval URLs. If the consumer code can detect that the service > >> provider supports OAuth 1.0a, it can automatically correct that > >> problem by stripping the callback URL off the approval URL. If the > >> consumer code can't detect service provider version, then we're > going > >> to end up in situations where different callback URLs are sent on > both > >> the request token step and the approval step. > > > > Wouldn't the consumer detect that the SP supports the new flow by > > seeing that there is the callback_accepted parameter on the initial > SP > > response? If not, it can repeat the request with the old flow. > > > > - johnk > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
