Assignee
David Larlet
Type
bug
Priority
major
Status
invalid
Watchers
2

A verifier code should be created if callback isn't provided

afedoseev avatarafedoseev created an issue

The OAuth spec states that:

"If the Consumer did not provide a callback URL, the Service Provider SHOULD display the value of the verification code, and instruct the User to manually inform the Consumer that authorization is completed. If the Service Provider knows a Consumer to be running on a mobile device or set-top box, the Service Provider SHOULD ensure that the verifier value is suitable for manual entry."

With current implementation the verifier code is generated only if callback was provided and verified. So it doesn't allow to display the verifier value if the callback is missing.

The attached patch fixes that.

Comments (2)

  2. David Larlet

    Hello,

    I'm not sure I get it since the stores.py file is not used anymore?

    I removed it and added a test for the "not provided callback URL" aka. oob, let me know if it makes sense to you.

    David

  3. Log in to comment »
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.