Hi, The specifications don't really describe cases whereby header redirects are being sent to the consumer in a response to a private resource (for instance, Google does this to append a session parameter).
Are there any guidelines how the consumer should respond? At the moment, I intercept the header redirect and treat it as a completely new url, signed with a fresh set of OAuth parameters. There's one gotcha: If POST is used to pass the Oauth parameters, should the consumer perform another POST on the redirection? Taking Google as my reference, when using GET to pass the OAuth parameters, is it right for them to pass all those parameters back to me together with their session parameter ? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
