On Thu, Jul 23, 2009 at 5:08 PM, Monis<[email protected]> wrote: > > @Manish, @Ricardo > > But point 6.3.2 the spec says: > > The Service Provider MUST ensure that: > * The Request Token has never been exchanged for an Access Token. > > Doesn't this behavior of myspace and Twitter violate this?
I'd say that the behavior doesn't violate the spec, as 6.3.2 doesn't say that an Access Token couldn't be exchanged for many Request Tokens Luca --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
