> I thought this thread was about https://graph.facebook.com/btaylor returning
> a HTTP redirect, not about following links returned within the result?

Oops. I started a separate thread then “crossed the beams” (I am not sure that there is a fundamental difference between redirects and other links in responses in this context).

Are you suggesting the rule should be “always include a token when following an HTTP redirect”, and some other rule(s) for other links (perhaps application-specific)? This is possible (if the spec explicitly states it), but I think it is a dangerous approach and not a good match for other web technologies.

--
James Manger

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
