The Consumer Request Extension addresses the very relevant use case of an OAuth Provider verifying a request from an OAuth consumer in which the context of an End User does not apply. IMHO, OAuth is valuable in both End User authorization and Request authentication of a consumer (and most often the End User resource in the request). The latest iteration made the oauth_token value required as an empty string. Is there a relevant purpose to this outside of convenience and conformity to existing libraries?
I feel that the Request Token OAuth request falls into the category of a "Consumer Request" and given that this request explicitly does not allow the oauth_token parameter, should not any OAuth provider end point that does not have a context of an End User (but still would prefer verification of the Consumer) be consistent and not require the oauth_token parameter? Thoughts? ~Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
