Added a comment about an open question: Should we allow pin-based

workflow for clients registered as web applications?
This commit is contained in:
Zach Copley 2010-10-07 14:17:56 -07:00
parent b8f2cc4e6f
commit f8808b0761
2 changed files with 10 additions and 2 deletions

View File

@ -464,7 +464,10 @@ class ApiOauthAuthorizeAction extends Action
$pin->showPage();
} else {
// NOTE: This should probably never happen; trhow an error instead?
// NOTE: This would only happen if an application registered as
// a web application but sent in 'oob' for the oauth_callback
// parameter. Usually web apps will send in a callback and
// not use the pin-based workflow.
$info = new InfoAction(
$title,

View File

@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
{
if ($callback == "oob") {
common_debug("OAuth request token requested for out of bounds client.");
// XXX: Should we throw an error if a client is registered as a
// web application but requests the pin based workflow? For now I'm
// allowing the workflow to proceed and issuing a pin. --Zach
return true;
} else {
return Validate::uri(