Added a comment about an open question: Should we allow pin-based

workflow for clients registered as web applications?
author: Zach Copley <zach@status.net> 2010-10-07 14:17:56 -0700
committer: Zach Copley <zach@status.net> 2010-10-07 14:19:42 -0700
commit: f8808b076108bbc80e2e23e795c34bcdf817a183 (patch)
tree: 261f800e961e45017dd0a2a3f70389465726c593 /actions/apioauthrequesttoken.php
parent: b8f2cc4e6f121f4ffacefb6fe632beb3b25eb126 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/actions/apioauthrequesttoken.php b/actions/apioauthrequesttoken.php
index 4f4c2c8fb..825460f93 100644
--- a/actions/apioauthrequesttoken.php
+++ b/actions/apioauthrequesttoken.php
@@ -87,7 +87,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 
         try {
 
-            $req   = OAuthRequest::from_request();
+            $req = OAuthRequest::from_request();
 
             // verify callback
             if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
@@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
     {
         if ($callback == "oob") {
             common_debug("OAuth request token requested for out of bounds client.");
+
+            // XXX: Should we throw an error if a client is registered as a
+            // web application but requests the pin based workflow? For now I'm
+            // allowing the workflow to proceed and issuing a pin. --Zach
+
             return true;
         } else {
             return Validate::uri(
author	Zach Copley <zach@status.net>	2010-10-07 14:17:56 -0700
committer	Zach Copley <zach@status.net>	2010-10-07 14:19:42 -0700
commit	f8808b076108bbc80e2e23e795c34bcdf817a183 (patch)
tree	261f800e961e45017dd0a2a3f70389465726c593 /actions/apioauthrequesttoken.php
parent	b8f2cc4e6f121f4ffacefb6fe632beb3b25eb126 (diff)