@Blaine: I think it was planned this way, the access is controlled per
application, not application instance.
@Monis: imagine an application "APP1" that requests a request token "RT1",
that is exchanged for an access token "AT1". You can't exchange the request
token "RT1" for another access token; it is only usable one time.
But the same application "APP1" can request another request token "RT2", and
when you exchange it, the provider may give you the same token "AT1" or
another token "AT2".

2009/7/23 Monis <[email protected]>

>
> @Blaine good point but I won't agree with the feature part :) but it
> depends upon the use case.
> We can broaden the scope of your example by considering the
> application deployed on mobile devices.
>
> @Luca true, but it's like reading between the lines. Difference being
> 'implementation following the spec' and 'implementation being spec
> compatible'. In this case it's the latter. Both are correct though.
>
>
> On Jul 23, 11:04 pm, Blaine Cook <[email protected]> wrote:
> > It's fine to do this. The one place where it might be a problem is in
> > the case where a user has multiple computers with the same desktop
> > application installed on each computer. If all applications have the
> > same access token, then it's not possible to revoke access to one
> > without revoking access to all of them. That could be considered a
> > feature, though, so it's really up to the service provider to decide
> > their preferred behaviour.
> >
> > b.
> >
> > 2009/7/23 Luca Mearelli <[email protected]>:
> >
> >
> >
> > > On Thu, Jul 23, 2009 at 5:08 PM, Monis<[email protected]> wrote:
> >
> > >> @Manish, @Ricardo
> >
> > >> But point 6.3.2 the spec says:
> >
> > >>  The Service Provider MUST ensure that:
> > >>    * The Request Token has never been exchanged for an Access Token.
> >
> > >> Doesn't this behavior of myspace and Twitter violate this?
> >
> > > I'd say that the behavior doesn't violate the spec, as 6.3.2 doesn't
> > > say that an Access Token couldn't be exchanged for many Request Tokens
> >
> > > Luca
> >
> >
> >
>


-- 

Ricardo Lopes

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
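
The token bookkeeping discussed in this thread, as an added example that is not part of any message here and is not any provider's code: request tokens are single-use as section 6.3.2 requires, while the provider chooses whether every exchange for the same application and user returns the same access token. The class name, the `reuse_access_token` switch and the user "alice" are assumptions made for illustration; signatures and the user authorization step are left out.

```python
import secrets

class ServiceProvider:
    """Toy OAuth 1.0 provider: token-exchange bookkeeping only, no signatures."""

    def __init__(self, reuse_access_token):
        self.reuse_access_token = reuse_access_token  # provider policy (assumed switch)
        self.request_tokens = {}  # request token -> [consumer, user, exchanged?]
        self.access_tokens = {}   # access token -> (consumer, user)

    def issue_request_token(self, consumer, user):
        # The user's authorization of the request token is assumed to have happened.
        rt = "RT-" + secrets.token_hex(8)
        self.request_tokens[rt] = [consumer, user, False]
        return rt

    def exchange(self, consumer, rt):
        entry = self.request_tokens.get(rt)
        if entry is None or entry[0] != consumer:
            raise PermissionError("unknown request token for this consumer")
        if entry[2]:
            # 6.3.2: the Request Token has never been exchanged for an Access Token.
            raise PermissionError("request token already exchanged")
        entry[2] = True
        grant = (consumer, entry[1])
        if self.reuse_access_token:
            for at, owner in self.access_tokens.items():
                if owner == grant:
                    return at  # every install of the app ends up holding "AT1"
        at = "AT-" + secrets.token_hex(8)
        self.access_tokens[at] = grant
        return at

    def revoke(self, at):
        self.access_tokens.pop(at, None)

    def is_valid(self, at):
        return at in self.access_tokens

def two_installs(reuse):
    """Same app on two computers of one user; revoke only the laptop's token."""
    sp = ServiceProvider(reuse)
    laptop = sp.exchange("APP1", sp.issue_request_token("APP1", "alice"))
    desktop = sp.exchange("APP1", sp.issue_request_token("APP1", "alice"))
    sp.revoke(laptop)
    # (did both installs share one token?, does the desktop still have access?)
    return laptop == desktop, sp.is_valid(desktop)
```

`two_installs(True)` returns `(True, False)`: with a shared token, revoking one install revokes both, which is the trade-off Blaine describes. `two_installs(False)` returns `(False, True)`.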
