> As a reminder, it's proper OAuth to always send an oauth_callback on the request token step of OAuth negotiation -- even if you've preregistered a callback or are using the PIN code/out-of-band flow (in which case you would send oauth_callback=oob).
Taylor,
As a user of xauth, I do not currently send "oauth_callback=oob". I think this is because xauth does not participate in the negotiation for a temporary credential. (See: <http://tools.ietf.org/html/rfc5849> section 2.1.). Is this your understanding? Or do xauth users need to include this callback in our request for our permanent access token?
Anon,
Andrew
____________________________________
Andrew W. Donoho
Donoho Design Group, L.L.C.
a...@DDG.com, +1 (512) 750-7596
"We did not come to fear the future.
We came here to shape it."
-- President Barack Obama, Sept. 2009