People just can't agree on things. Google and Facebook are doing the best, with OAuth 2.0 (and following the standards pretty well). Here is a list of various common OAuth providers that I've worked with... and found some little problems with.
user_denied
instead ofaccess_denied
This is an email I got concerning this issue.
// Please reply above this line
==================================================
From: Wynn Netherland
Subject: GitHub API not conforming to OAuth 2.0 spec
Hi, Joel. Thanks for reporting. We try to keep up with the evolving spec and it looks like we need to change that. Keep an eye on the developer docs for updates.
---
Wynn Netherland
Developer, GitHub
==================================================
Reply with #ignore to stop receiving notifications for this discussion.
- OAuth 1.0a
- OAuth 1.0a
- does not redirect on deny
- OAuth 1.0 (a?)
oauth_token
instead ofoauth_verifier
oauth_callback
to authorize, instead ofrequest_token
- does not redirect on deny
- OAuth 1.0a
- does not have any indication of deny, except no
oauth_verifier
(link)
- OAuth 1.0a
- does not have any indication of deny, except no
oauth_verifier
- OAuth 1.0a
- no deny UI
- check each whether a callback can be provided in dev panel