On Mon, Apr 19, 2010 at 2:24 PM, Eran Hammer-Lahav wrote:
>
>> -Original Message-
>> From: Marius Scurtescu [mailto:mscurte...@google.com]
>> Sent: Monday, April 19, 2010 1:58 PM
>> To: Eran Hammer-Lahav
>> Cc: Dick Hardt; OAuth WG
>> Subject: Re
> -Original Message-
> From: Marius Scurtescu [mailto:mscurte...@google.com]
> Sent: Monday, April 19, 2010 1:58 PM
> To: Eran Hammer-Lahav
> Cc: Dick Hardt; OAuth WG
> Subject: Re: [OAUTH-WG] Issue: state in web server flow
>
> On Mon, Apr 19, 2010 at 11:
On Mon, Apr 19, 2010 at 11:53 AM, Eran Hammer-Lahav wrote:
>
>
>> -Original Message-
>> From: Marius Scurtescu [mailto:mscurte...@google.com]
>> Sent: Monday, April 19, 2010 10:18 AM
>
>> I don't think it is possible to enforce callbacks without any query
>> parameters.
>> See the Drupal
> -Original Message-
> From: Marius Scurtescu [mailto:mscurte...@google.com]
> Sent: Monday, April 19, 2010 10:18 AM
> I don't think it is possible to enforce callbacks without any query
> parameters.
> See the Drupal example.
In the Drupal example the client server adds its silly para
t;> Sent: Sunday, April 18, 2010 9:20 PM
>>> To: OAuth WG
>>> Subject: [OAUTH-WG] Issue: state in web server flow
>>>
>>> Why was the state parameter removed from the web server flow?
>>
>> I didn't want to both define a state parameter *and*
gt; >> Sent: Sunday, April 18, 2010 9:20 PM
> >> To: OAuth WG
> >> Subject: [OAUTH-WG] Issue: state in web server flow
> >>
> >> Why was the state parameter removed from the web server flow?
> >
> > I didn't want to both define a state
On 2010-04-18, at 10:28 PM, Eran Hammer-Lahav wrote:
>
>
>> -Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Dick Hardt
>> Sent: Sunday, April 18, 2010 9:20 PM
>> To: OAuth WG
>> Subject:
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Dick Hardt
> Sent: Sunday, April 18, 2010 9:20 PM
> To: OAuth WG
> Subject: [OAUTH-WG] Issue: state in web server flow
>
> Why was the state parameter removed from
Why was the state parameter removed from the web server flow?
Some AS may require the entire redirect URI to be registered, so the state
parameter allows a client to maintain state across calls.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org