Added a comment about an open question: Should we allow pin-based

workflow for clients registered as web applications?
author: Zach Copley <zach@status.net> 2010-10-07 14:17:56 -0700
committer: Zach Copley <zach@status.net> 2010-10-07 14:19:42 -0700
commit: f8808b076108bbc80e2e23e795c34bcdf817a183 (patch)
tree: 261f800e961e45017dd0a2a3f70389465726c593 /actions/apioauthauthorize.php
parent: b8f2cc4e6f121f4ffacefb6fe632beb3b25eb126 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index d0b621140..ea5c30c2a 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -464,7 +464,10 @@ class ApiOauthAuthorizeAction extends Action
             $pin->showPage();
         } else {
 
-            // NOTE: This should probably never happen; trhow an error instead?
+            // NOTE: This would only happen if an application registered as
+            // a web application but sent in 'oob' for the oauth_callback
+            // parameter. Usually web apps will send in a callback and
+            // not use the pin-based workflow.
 
             $info = new InfoAction(
                 $title,
author	Zach Copley <zach@status.net>	2010-10-07 14:17:56 -0700
committer	Zach Copley <zach@status.net>	2010-10-07 14:19:42 -0700
commit	f8808b076108bbc80e2e23e795c34bcdf817a183 (patch)
tree	261f800e961e45017dd0a2a3f70389465726c593 /actions/apioauthauthorize.php
parent	b8f2cc4e6f121f4ffacefb6fe632beb3b25eb126 (diff)