While considering what goes into OAuth 2.0 I'd like to incorporate this user story:
Application redirects user to Authorization page. User presses [Cancel|Deny| etc.]

In this case the behavior is undefined by the spec. In actual practice we have:

* Twitter redirects to the callback URL with a denied GET parameter
* Hyves sends back an access token with an error property and a request URL
* LinkedIn redirects the user to a specific App-supplied URL.

It seems that redirecting and setting error states from the OAuth Error Reporting extension would be the best way to go. Thoughts?