Closed ahadinyoto closed 10 years ago
In the example/application.rb the expected initial request as given in the commented line is:
# /oauth/authorize?response_type=token&client_id=...
With RFC 6749 section 4.1.1 , the only allowable response_type is code.
response_type
code
I'm using Omniauth-OAuth2 which seems to adhere to the current RFC standard which won't allow the response_type to be changed to anything else. This has affected the flow in the example/application.rb.
Reference: http://stackoverflow.com/questions/6354262/omniauth-cant-change-response-type-to-token-in-strategy
This library implements draft-10, which allows code, token, and code_and_token. The RFC allows code and token -- see section 3.1.1.
token
code_and_token
Noted that. Thanks for the clarification.
In the example/application.rb the expected initial request as given in the commented line is:
With RFC 6749 section 4.1.1 , the only allowable
response_type
iscode
.I'm using Omniauth-OAuth2 which seems to adhere to the current RFC standard which won't allow the
response_type
to be changed to anything else. This has affected the flow in the example/application.rb.Reference: http://stackoverflow.com/questions/6354262/omniauth-cant-change-response-type-to-token-in-strategy