I would pass a verifier, perhaps oauth_verifier=placeholder. I imagine a careless consumer might behave badly if the verifier is absent.
On Jul 13, 4:48 pm, Richard Wallace <[email protected]> wrote: > The OAuth spec section 6.2.3 states that "If the User denies access, > the Consumer MAY be notified that the Request Token has been revoked." > At first I was thinking that I would just flag the request token as > being denied on the service provider and then when the consumer tries > to swap tokens specify that the oauth_problem is permission_denied. > But when the service provider redirects the user to the consumer > callback URI, should I still pass the verifier parameter or not > bother? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
