From f8808b076108bbc80e2e23e795c34bcdf817a183 Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Thu, 7 Oct 2010 14:17:56 -0700
Subject: Added a comment about an open question:  Should we allow pin-based
 workflow for clients registered as web applications?

---
 actions/apioauthrequesttoken.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'actions/apioauthrequesttoken.php')

diff --git a/actions/apioauthrequesttoken.php b/actions/apioauthrequesttoken.php
index 4f4c2c8fb..825460f93 100644
--- a/actions/apioauthrequesttoken.php
+++ b/actions/apioauthrequesttoken.php
@@ -87,7 +87,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 
         try {
 
-            $req   = OAuthRequest::from_request();
+            $req = OAuthRequest::from_request();
 
             // verify callback
             if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
@@ -137,6 +137,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
     {
         if ($callback == "oob") {
             common_debug("OAuth request token requested for out of bounds client.");
+
+            // XXX: Should we throw an error if a client is registered as a
+            // web application but requests the pin based workflow? For now I'm
+            // allowing the workflow to proceed and issuing a pin. --Zach
+
             return true;
         } else {
             return Validate::uri(
-- 
cgit v1.2.3-54-g00ecf