I'm new to OAuth, I'm using the oauth2 library on Python to get my work done.
Currently when I receive a callback from the server, the parameters come in the URL as:
http://mydomain/?oauth_verifier=(SOME_DATA)&oauth_token=(SOME_DATA)&oauth_callback_confirmed=true
I'm wondering if it's possible to instruct the server to somehow POST those parameters (oauth_verifier, oauth_token, oauth_callback_confirmed) to me as a callback and not show them in the URL (as a GET request)?
Thank you!
No, it is not possible to encode the callback parameters as a POST request. The OAuth 1.0 Spec says that the provider issues an HTTP Redirect to the callback URL:
If the Consumer provided a callback URL in oauth_callback (as described in Consumer Directs the User to the Service Provider), the Service Provider constructs an HTTP GET request URL, and redirects the User’s web browser to that URL with the following parameters:
Since an HTTP Redirect can only be a GET, not a POST, your callback can only contain the parameters in the URL.
