Added a comment about an open question: Should we allow pin-based
workflow for clients registered as web applications?
This commit is contained in:
parent
b8f2cc4e6f
commit
f8808b0761
@ -464,7 +464,10 @@ class ApiOauthAuthorizeAction extends Action
|
||||
$pin->showPage();
|
||||
} else {
|
||||
|
||||
// NOTE: This should probably never happen; trhow an error instead?
|
||||
// NOTE: This would only happen if an application registered as
|
||||
// a web application but sent in 'oob' for the oauth_callback
|
||||
// parameter. Usually web apps will send in a callback and
|
||||
// not use the pin-based workflow.
|
||||
|
||||
$info = new InfoAction(
|
||||
$title,
|
||||
|
@ -87,7 +87,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
|
||||
|
||||
try {
|
||||
|
||||
$req = OAuthRequest::from_request();
|
||||
$req = OAuthRequest::from_request();
|
||||
|
||||
// verify callback
|
||||
if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
|
||||
@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
|
||||
{
|
||||
if ($callback == "oob") {
|
||||
common_debug("OAuth request token requested for out of bounds client.");
|
||||
|
||||
// XXX: Should we throw an error if a client is registered as a
|
||||
// web application but requests the pin based workflow? For now I'm
|
||||
// allowing the workflow to proceed and issuing a pin. --Zach
|
||||
|
||||
return true;
|
||||
} else {
|
||||
return Validate::uri(
|
||||
|
Loading…
Reference in New Issue
Block a user