wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added a comment about an open question: Should we allow pin-based

Browse Source 
workflow for clients registered as web applications?
This commit is contained in:
Zach Copley 2010-10-07 14:17:56 -07:00
parent b8f2cc4e6f
commit f8808b0761
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
actions/apioauthauthorize.php
View File

@ -464,7 +464,10 @@ class ApiOauthAuthorizeAction extends Action
$pin->showPage(); $pin->showPage();
} else { } else {
// NOTE: This should probably never happen; trhow an error instead? // NOTE: This would only happen if an application registered as
// a web application but sent in 'oob' for the oauth_callback
// parameter. Usually web apps will send in a callback and
// not use the pin-based workflow.
$info = new InfoAction( $info = new InfoAction(
$title, $title,

5
actions/apioauthrequesttoken.php
View File

@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
{ {
if ($callback == "oob") { if ($callback == "oob") {
common_debug("OAuth request token requested for out of bounds client."); common_debug("OAuth request token requested for out of bounds client.");
// XXX: Should we throw an error if a client is registered as a
// web application but requests the pin based workflow? For now I'm
// allowing the workflow to proceed and issuing a pin. --Zach
return true; return true;
} else { } else {
return Validate::uri( return Validate::uri(