[OSM-dev] OAuth down
Tom Hughes
tom at compton.nu
Sat Nov 19 17:48:14 GMT 2011
On 19/11/11 12:00, Pierre GIRAUD wrote:
> As already said, I don't claim any specific version. Which is somewhat
> wrong. Or maybe the library I use does it for me.
That is actually valid as 1.0 is the default, and 1.0a doesn't actually
use a separate version - it is triggered by the presence of the callback
parameter when creating a request token.
You were in fact correct that I had broken 1.0a last night when I fixed
the 1.0 callback handling... That is now fixed, and we have 240 new
assertions in our test suite to try and make sure we don't break OAuth
again in the future.
For the record you should use 1.0a if possible as 1.0 has security
issues and we should really stop allowing it - we just need to make
Potlatch and JOSM use 1.0a first...
Tom
--
Tom Hughes (tom at compton.nu)
http://compton.nu/
More information about the dev
mailing list