Hi Paul, I've written a document that tries to address these sorts of questions: <http://tools.ietf.org/html/oauth-model> Please let me know whether that's helpful.
--Richard On Thu, Jul 23, 2009 at 2:14 PM, Paul Lindner<[email protected]> wrote: > Hi, > Recently a colleague who is starting an implementation of OAuth asked me > many questions about the design rationale of many of the steps involved in > the OAuth protocol. I found a number of mailing list threads discussing the > importance of each step and why it is present. If there's interest I can > consolidate them into an FAQ. > There was one suggestion that my colleague presented that I did not find an > answer for: > * Can one skip the access token exchange step and instead have the access > token and access secret communicated to the consumer via the callback URL? > (assuming OAuth 1.0a with signed callback URLs) > Thanks > Paul > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
