Hi! I would like to see this issue addressed in the next iteration of OAuth. For one internal scenario in which we have deployed OAuth we have come up with a solution in which apart from oauth_callback another error_callback parameter is passed - in case of failure the user will be redirected to that one instead.
Regards, Lukas Rosenstock 2010/2/21 Mahesh Venkat <[email protected]> > Hi, > > I recently implemented the 3-legged oauth as per the OAuth 1.0a specs. > During the implementation I am finding some gaps in the specs for error > scenarios. > We have oauth_callback url to redirect the user to the consumer app after a > successful user authorization. There are a number of exception cases where I > am not sure what the oauth specs are: > > > 1. What is the user interface or oauth interface, if the user denies > the authorization > 2. If there is system failure in presenting the authorization page to > the user, should the service provide redirect to the same oauth_callback > url of the consumer? > 3. When the service provider receives a request for user authorization > using the 'unauthorized' request token, if the token is invalid or expired > should the service provider redirect to the oauth_callback url or send a > 404 > error? > > Appreciate your response. > > -- > Regards > --Mahesh > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected] <oauth%[email protected]>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > -- http://lukasrosenstock.net/ -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
