So does that mean the following oauth_verifier will be sent to
Consumer and User for User to manually verify the call back? I'm
confused how oauth_verifier works with / without callback value. Can
someone explain in more detail how it supposes to work ? thanks.
"After the User authenticates with the Service Provider and grants
permission for Consumer access, the Consumer MUST be notified that the
Request Token has been authorized and ready to be exchanged for an
Access Token. If the User denies access, the Consumer MAY be notified
that the Request Token has been revoked.
To make sure that the User granting access is the same User returning
back to the Consumer to complete the process, the Service Provider
MUST generate a verification code: an unguessable value passed to the
Consumer via the User and REQUIRED to complete the process.
If the Consumer provided a callback URL (using the oauth_callback
parameter in Section 6.1.1 (Consumer Obtains a Request Token) or by
other means), the Service Provider uses it to constructs an HTTP
request, and directs the User's web browser to that URL with the
following parameters added:
oauth_token:
The Request Token the User authorized or denied.
oauth_verifier:
The verification code.
The callback URL MAY include Consumer provided query parameters. The
Service Provider MUST retain them unmodified and append the OAuth
parameters to the existing query.
If the Consumer did not provide a callback URL, the Service Provider
SHOULD display the value of the verification code, and instruct the
User to manually inform the Consumer that authorization is completed.
If the Service Provider knows a Consumer to be running on a mobile
device or set-top box, the Service Provider SHOULD ensure that the
verifier value is suitable for manual entry. "
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
