From: Zach Copley Date: Thu, 7 Oct 2010 21:17:56 +0000 (-0700) Subject: Added a comment about an open question: Should we allow pin-based X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f8808b076108bbc80e2e23e795c34bcdf817a183;p=quix0rs-gnu-social.git Added a comment about an open question: Should we allow pin-based workflow for clients registered as web applications? --- diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index d0b6211400..ea5c30c2ac 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -464,7 +464,10 @@ class ApiOauthAuthorizeAction extends Action $pin->showPage(); } else { - // NOTE: This should probably never happen; trhow an error instead? + // NOTE: This would only happen if an application registered as + // a web application but sent in 'oob' for the oauth_callback + // parameter. Usually web apps will send in a callback and + // not use the pin-based workflow. $info = new InfoAction( $title, diff --git a/actions/apioauthrequesttoken.php b/actions/apioauthrequesttoken.php index 4f4c2c8fb2..825460f93c 100644 --- a/actions/apioauthrequesttoken.php +++ b/actions/apioauthrequesttoken.php @@ -87,7 +87,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction try { - $req = OAuthRequest::from_request(); + $req = OAuthRequest::from_request(); // verify callback if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) { @@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction { if ($callback == "oob") { common_debug("OAuth request token requested for out of bounds client."); + + // XXX: Should we throw an error if a client is registered as a + // web application but requests the pin based workflow? For now I'm + // allowing the workflow to proceed and issuing a pin. --Zach + return true; } else { return Validate::uri(