Hi, I recently implemented the 3-legged oauth as per the OAuth 1.0a specs. During the implementation I am finding some gaps in the specs for error scenarios. We have oauth_callback url to redirect the user to the consumer app after a successful user authorization. There are a number of exception cases where I am not sure what the oauth specs are:
1. What is the user interface or oauth interface, if the user denies the authorization 2. If there is system failure in presenting the authorization page to the user, should the service provide redirect to the same oauth_callback url of the consumer? 3. When the service provider receives a request for user authorization using the 'unauthorized' request token, if the token is invalid or expired should the service provider redirect to the oauth_callback url or send a 404 error? Appreciate your response. -- Regards --Mahesh -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
