Added a comment about an open question: Should we allow pin-based
workflow for clients registered as web applications?
This commit is contained in:
parent
b8f2cc4e6f
commit
f8808b0761
|
@ -464,7 +464,10 @@ class ApiOauthAuthorizeAction extends Action
|
|||
$pin->showPage();
|
||||
} else {
|
||||
|
||||
// NOTE: This should probably never happen; trhow an error instead?
|
||||
// NOTE: This would only happen if an application registered as
|
||||
// a web application but sent in 'oob' for the oauth_callback
|
||||
// parameter. Usually web apps will send in a callback and
|
||||
// not use the pin-based workflow.
|
||||
|
||||
$info = new InfoAction(
|
||||
$title,
|
||||
|
|
|
@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
|
|||
{
|
||||
if ($callback == "oob") {
|
||||
common_debug("OAuth request token requested for out of bounds client.");
|
||||
|
||||
// XXX: Should we throw an error if a client is registered as a
|
||||
// web application but requests the pin based workflow? For now I'm
|
||||
// allowing the workflow to proceed and issuing a pin. --Zach
|
||||
|
||||
return true;
|
||||
} else {
|
||||
return Validate::uri(
|
||||
|
|
Loading…
Reference in New Issue
Block a user