anonymsean / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

Java library: OAuth Core 1.0a - 6.1.1. oauth_callback #109

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Section 6.1.1. states that:

If the Consumer is unable to receive callbacks or a callback URL has been
established via other means, the parameter value MUST be set to oob (case
sensitive), to indicate an out-of-band configuration.

However, I think that the Service Provider (Java) does not check for 'oob'
when callback is not provided.

Original issue reported on code.google.com by monisiq...@gmail.com on 19 Jun 2009 at 5:27

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
All the examples in http://oauth.googlecode.com/svn/code/java/example/ implement
OAuth 1.0, not 1.0a.  Fresher examples would be better.

Changing the core library 
http://oauth.googlecode.com/svn/code/java/core/provider/
might be incompatible with OAuth 1.0.  That's not desirable, but perhaps it's 
acceptable.

Using the current provider library, one can implement a 1.0a service provider by
writing code to check for the expected oauth_callback parameter.

Original comment by jmkrist...@gmail.com on 6 Jul 2009 at 9:30