I am working with integrating Windows Azure with Bitbucket and have the following request. When presented with OAuth page, if user accepts (allows), the callback happens with proper oauth_token. It would be nice, when user denies (cancels), the callback also happen with empty oauth_token (currently, no callback at all).
In the OAuth1.0a spec (http://oauth.net/core/1.0a/), it mentioned that the Consumer may be notified in such event - so it is upto implementors.
This would enable application to handle and proceed appropriately. GitHub (OAuth2.0)/CodePlex(OAuth1.0a) do exactly that.