I hope someone can clarify something inside OAuth that is not entirely clear (for me). What happens if I have a request_token that has already been authorized but not the access_token ? Should the consumer redirect to the authorization url and return without any user interaction to the callback with a verifier ? What if it's a desktop app without a callback url ? Should I store permanently the access_token data and base everything on expiration ?
ngw -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
