Hi, Recently a colleague who is starting an implementation of OAuth asked me many questions about the design rationale of many of the steps involved in the OAuth protocol. I found a number of mailing list threads discussing the importance of each step and why it is present. If there's interest I can consolidate them into an FAQ.
There was one suggestion that my colleague presented that I did not find an answer for: * Can one skip the access token exchange step and instead have the access token and access secret communicated to the consumer via the callback URL? (assuming OAuth 1.0a with signed callback URLs) Thanks Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
