Why wouldn't the client send the token with the new request? If I'm trying to access https://api.example.com/pr?access_token=loin21op and I get a 301 response, I'll need to follow that if I want any chance of accessing the protected resource.
Maybe we're saying the same thing? On Thu, May 6, 2010 at 10:21 PM, Manger, James H < james.h.man...@team.telstra.com> wrote: > How should an OAuth client app behave when it gets an HTTP redirect on > requesting a protected resource? > > Similarly, how should it behave when it follows any other link in a > response? > > > > Obviously it should make a new request to the URI in the redirect or link — > that is normal HTTP and hypertext behaviour. > > The question is does the token get sent with the new request? > > > > > > I think the spec needs to provide an answer, even if it isn’t my suggestion > of an “sites” list when a token is issued. > > > > -- > > James Manger > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
