OAuth Redeux

J. Adam Moore with a smart solution to the problem of session fixation attacks in the OAuth flow.

Most importantly, this solution does not add additional steps for the User or unduly burden either the Provider or Consumer. By placing the generation of a request token between two automatic redirects to secure pages on both sites we eliminate poisoning the stream while still allowing optional secure dynamic callbacks with the final authorization token.