This is the only open issue left before we can make the draft final: > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Brian Eaton > Sent: Tuesday, May 05, 2009 4:20 PM
> Section 6.2: > > Consumers that need to maintain compatibility with both 1.0 and 1.0a > service providers are going to send oauth_callback on this step. We > should be explicit about how to handle backwards compatibility here or > we are going to end up with incompatible implementations. > Specifically: > - if the consumer sent the oauth_callback on the RT step, the > oauth_callback on the authorization URL should be ignored. > - if the consumer did not send the oauth_callback on the RT step, > the oauth_callback may be accepted if the SP wants to be compatible > with OAuth 1.0 > > Alternatively, we should give consumers a way to detect SP version, by > having the SP return oauth_callback_accepted=1 in the request token > response. I think this might be a better answer. We need to reach quick consensus on this proposal! This will only provide value if we make it required in the reply. EHL --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
