Added a comment about an open question: Should we allow pin-based
workflow for clients registered as web applications?
parent
b8f2cc4e6f
commit
f8808b0761
|
@ -464,7 +464,10 @@ class ApiOauthAuthorizeAction extends Action
|
||||||
$pin->showPage();
|
$pin->showPage();
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// NOTE: This should probably never happen; trhow an error instead?
|
// NOTE: This would only happen if an application registered as
|
||||||
|
// a web application but sent in 'oob' for the oauth_callback
|
||||||
|
// parameter. Usually web apps will send in a callback and
|
||||||
|
// not use the pin-based workflow.
|
||||||
|
|
||||||
$info = new InfoAction(
|
$info = new InfoAction(
|
||||||
$title,
|
$title,
|
||||||
|
|
|
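Review bot: The rewritten comment in the else branch says when the branch is reached but drops the earlier question of whether to raise an error, and nothing in the visible lines records that the branch ran. The comment says this path means a web-registered application sent 'oob' as oauth_callback, so I would log it to make the mismatch visible to operators, for example `common_debug("OAuth authorization for a web-registered application that sent 'oob' as callback.");` just before `$info = new InfoAction(`. The else body continues outside the hunk, so what the info page shows to the user cannot be checked from here.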
@ -87,7 +87,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
$req = OAuthRequest::from_request();
|
$req = OAuthRequest::from_request();
|
||||||
|
|
||||||
// verify callback
|
// verify callback
|
||||||
if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
|
if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
|
||||||
|
@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
|
||||||
{
|
{
|
||||||
if ($callback == "oob") {
|
if ($callback == "oob") {
|
||||||
common_debug("OAuth request token requested for out of bounds client.");
|
common_debug("OAuth request token requested for out of bounds client.");
|
||||||
|
|
||||||
|
// XXX: Should we throw an error if a client is registered as a
|
||||||
|
// web application but requests the pin based workflow? For now I'm
|
||||||
|
// allowing the workflow to proceed and issuing a pin. --Zach
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return Validate::uri(
|
return Validate::uri(
|
||||||
|
|
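Review bot: In the last hunk, `verifyCallback` returns true for "oob" without consulting how the application was registered, and the new XXX comment records that as an open question rather than a decision. As written, the callback registered for a web application does not bind the flow, because any holder of the consumer credentials can select the pin workflow by sending `oauth_callback=oob`. Until the policy is settled I would make the comment name the risk and point at a tracked issue rather than a signature. If the application record is reachable from this method, I would also log the mismatch above debug level so it can be monitored. Separately, the comparison above the comment could be strict, `if ($callback === "oob") {`, so that only the literal string takes this branch; the function body continues outside the hunk.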