Closed waynerobinson closed 11 years ago
No, draft-10 says that for response_type=token
all response params must be returned in the URL fragment. What do you mean about the key?
Never mind, I think I worked it all out. It was just my misunderstanding of some of the new V2.0 OAuth elements.
Is the code at the following correct? https://github.com/songkick/oauth2-provider/blob/master/lib/songkick/oauth2/provider/authorization.rb#L100
It seems to be redirecting to:
however, shouldn't this be:
and shouldn't the key be
oauth_token
instead ofcode
or am I missing something?