I'm currently implementing an OAuth 1.0 provider and have a question regarding token strings. One of my coworkers is of the opinion that we should not be generating new strings for the token credentials, but instead reusing the temporary token string, in order to reduce the odds of token collision. Every provider implementation and example workflow I've seen generates new tokens for this purpose, but "everyone else is doing it" is a pretty weak argument, and I've seen no discussion of this anywhere. Are there any reasons for not reusing the temporary token string we might be overlooking?
- Rob -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
