joelverhagen/oauth_quirks.md

## oauth_quirks.md

      
    Raw
  

              oauth_quirks.md
            
          
    OAuth Quirks:

People just can't agree on things. Google and Facebook are doing the best, with OAuth 2.0 (and following the standards pretty well). Here is a list of various common OAuth providers that I've worked with... and found some little problems with.
GitHub


user_denied instead of access_denied

This is an email I got concerning this issue.
// Please reply above this line
==================================================
From: Wynn Netherland
Subject: GitHub API not conforming to OAuth 2.0 spec

Hi, Joel. Thanks for reporting. We try to keep up with the evolving spec and it looks like we need to change that. Keep an eye on the developer docs for updates.

---
Wynn Netherland
Developer, GitHub

==================================================
Reply with #ignore to stop receiving notifications for this discussion.

Twitter


OAuth 1.0a

Flickr


OAuth 1.0a
does not redirect on deny

Dropbox


OAuth 1.0 (a?)
oauth_token instead of oauth_verifier
oauth_callback to authorize, instead of request_token
does not redirect on deny

LinkedIn


OAuth 1.0a
does not have any indication of deny, except no oauth_verifier (link)

Tumblr


OAuth 1.0a
does not have any indication of deny, except no oauth_verifier

Bitbucket


OAuth 1.0a
no deny UI

Yahoo


OAuth 1.0
no custom port (link)
must sign up for at least one scope (link)
no deny UI

TODO:


check each whether a callback can be provided in dev panel