In OAuth 1.0a the callback is moved to the requestToken endpoint, not the
authorization endpoint.

This is to prevent key fixation attacks.

On Fri, May 7, 2010 at 11:39 AM, Randy Hudson <randy.hud...@gmail.com>wrote:

> What happens if OAuth 1.0b comes out and iGoogle adopts it?  How does
> a Gadget indicate that it's oauth service conforms to OAuth 1.0, 1.0a,
> or whatever?
>
> It seems very unlikely that every gadget (and the oauth services it
> uses) and every gadget container would adopt OAuth X.Xx simultaneously.
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenSocial Application Development" group.
> To post to this group, send email to opensocial-...@googlegroups.com.
> To unsubscribe from this group, send email to
> opensocial-api+unsubscr...@googlegroups.com<opensocial-api%2bunsubscr...@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/opensocial-api?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-...@googlegroups.com.
To unsubscribe from this group, send email to 
opensocial-api+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/opensocial-api?hl=en.

Reply via email to