Just two quick questions for clarity: 1.) Do I understand "Signed Callback URLs" correctly in that "signed" here has nothing to do with generating a signature as described in 1.0?
2.) Does "Signed Callback URLs" in essence mean that the Service Provider returns a unique vetifier (= an arbitrary string) after authorization that is therefore only known to the honest consumer/user and must be send back to the provider when requesting the Access token? Did I get all of this right? And: What's the current status of OAuth 1.0a. Is 1.0a an official version or is it still draft? Thanks, -Ralf --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
