an empty redirectURL should not imply "oob"

[GoogleCodeExporter]

Currently, if you don't specify a RedirectURL in your oauth.Config, it gets 
interpreted as "oob" when constructing an AuthCodeURL.  While I get that this 
is a nice convenience for when you actually want out-of-band token exchange, it 
means that it's impossible (unless I'm missing something) to construct an 
AuthCodeURL that legitimately does not specify a redirect_url.  For example, 
GitHub will use the redirect_url registered for that client_id if none if 
specified.

Original issue reported on code.google.com by willnorris@google.com on 14 May 2013 at 7:46

[GoogleCodeExporter]

(just double checked, and redirect_uri is defined as optional in the OAuth2 
spec, so having a truly empty value is completely valid)

Original comment by willnorris@google.com on 14 May 2013 at 7:48

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Yep, this should be fixed. I think the correct fix is just removing the code 
that adds "oob". This may break existing users. I should probably issue a 
formal release of goauth2 soon.

Original comment by a...@golang.org on 3 Jun 2013 at 1:06

• Changed state: Accepted
• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

fixed in cf01a4ad4a2e

Original comment by willnorris@google.com on 5 Jun 2013 at 4:28

• Changed state: Fixed
• Added labels: ****
• Removed labels: ****