The OAuth 1.0a spec is a little unclear about this so I thought I'd ask. When sending oauth params via the Authorization header, where does oauth_callback go? With the rest of the OAuth params in the header, or where the API params would go (i.e. query string or post data)?
HTTP Auth header feels like the right choice (keep all "oauth_" together) but there isn't a definitive answer in the spec. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
