We already had one developer try it out and get confused because the server tried to treat the callback URL as a JSONP callback.
The protected resource typically accepts "callback" as a parameter to support JSONP. If a developer accidentally passes in callback there (maybe they got confused) then the server can't give a normal error message - instead it needs to either detect that it looks like a URL or otherwise reject it. On a related note, I think it's more confusing calling it something different in the user-agent flow (redirector) when it's essentially doing the same thing. From: [email protected] [mailto:[email protected]] On Behalf Of Eran Hammer-Lahav Sent: Thursday, April 15, 2010 5:37 AM To: Naitik Shah; OAuth WG Subject: Re: [OAUTH-WG] Rename callback => callback_uri I don't think it is that confusing. Its a completely different context from where JSON-P is used (note that in the User-Agent flow it is called something else). EHL On 4/10/10 12:35 PM, "Naitik Shah" <[email protected]> wrote: With the simplified params, the callback url parameter is now just "callback". Since most major API providers already use "callback" to signify JSON-P callback, can we rename this to "callback_uri"? This will help avoid collisions and confusion. -Naitik _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
