@Manish, @Ricardo
But point 6.3.2 the spec says:
The Service Provider MUST ensure that:
* The Request Token has never been exchanged for an Access Token.
Doesn't this behavior of myspace and Twitter violate this?
Thanks,
Monis
On Jul 23, 2:39 am, Ricardo Lopes <[email protected]> wrote:
> Twitter also seems to behave in the same way.
>
> The request token can only be exchanged for an access token once, but
> different request tokens may return the same access token until the user
> revokes the token / uninstalls the application.
>
> 2009/7/22 Manish Pandit <[email protected]>
>
>
>
>
>
> > On Jul 18, 5:04 am, Monis <[email protected]> wrote:
> > > Twitter, MySpace return us same access token when using the one
> > > consumer with the same user, multiple times.
> > > Is this OK from oauth standards? as the specs state that a request
> > > token can only be exchanged once for an access token.
>
> > I'd think that it should be fine as long as the token is not timing
> > out, or is being explicitly revoked by the consumer/user.
>
> > -cheers,
> > Manish
>
> --
>
> Ricardo Lopes
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
