http://code.google.com/apis/calendar/faq.html#redirect_handling requires a consumer to repeat the original request (e.g. POST). The consumer must send either an S cookie or a gsessionid parameter from the redirect response, in this and subsequent requests in a session. I'm not sure what a 'session' is, but I guess requests on behalf of different users require different sessions. Each request must be correctly signed; so the second request must have a different oauth_signature if it has an added gsessionid parameter. It doesn't matter whether the second request has the same timestamp and nonce as the first.
Do other service providers redirect their consumers? On Aug 24, 10:18 am, Tim Fletcher <[email protected]> wrote: > The Google Calendar API does. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
