On 4/1/10 11:29 AM, "Marius Scurtescu" <[email protected]> wrote:
> Also, not only the Authorization Server URLs can receive OAuth
> parameters in the query,
> the same applies to the client callback URL, and that one definitely
> can have random
> parameters.
We are discussing just the authorization endpoint, but if you look at the
current draft, it proposes we limit client customization of the callbacks to
the state parameter (i.e. No query allowed). This is a new. My take is that
either we use the state parameter or we use custom query parameters (with
prefix) but not both. I like the state parameter better (stronger interop
and easier to pre-register URIs).
EHL
>
> Marius
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
