A couple of comments on this profile. 1) Error URL
I noticed that there was wide consensus that returning a captcha-specific error was not going to be useful. That matches our experience with ClientLogin [1] - very few developers properly handle captcha. And if a developer is sophisticated enough to handle Captchas, I would rather they just used a web browser in the first place. However, lots of developers do tell users to visit the URL we return in our error response. This is often sufficient to resolve whatever problems are happening with the user’s account. So I’d like to see an optional “url” parameter returned with the “invalid_credentials” error code. Clients should instruct the user to visit that URL. 2) Is anyone actually going to implement this flow and not return a refresh token? Cheers, Brian [1] http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
