Do OAuth service providers redirect consumers? I mean send HTTP status code 301, 302, 303 or 307 in response to a request for a token or access to a protected resource. If the first request wasn't a GET, should the consumer fail, send a GET or repeat the original method (e.g. POST)? If a consumer follows the redirect, should it generate a new timestamp, nonce and signature for the new request?
I'd like to develop a Java library to make it easy to handle redirection, but I'm not sure what it should do. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
