Some discussion about various SP behaviors happened here: http://www.mail-archive.com/[email protected]/msg00002.html.
In general SP behavior on resource requests is out of scope for the OAuth spec. It's the Wild Wild Web. On Thu, May 14, 2009 at 2:55 AM, Jack <[email protected]> wrote: > The specifications don't really describe cases whereby header > redirects are being sent to the consumer in a response to a private > resource (for instance, Google does this to append a session > parameter). > > Are there any guidelines how the consumer should respond? At the > moment, I intercept the header redirect and treat it as a completely > new url, signed with a fresh set of OAuth parameters. There's one > gotcha: > > If POST is used to pass the Oauth parameters, should the consumer > perform another POST on the redirection? > > Taking Google as my reference, when using GET to pass the OAuth > parameters, is it right for them to pass all those parameters back to > me together with their session parameter ? > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
