GET /oauth/authorize doesn't validate oauth_token parameter #102

Open
evanp opened this Issue May 27, 2012 · 0 comments

Projects

None yet

1 participant

@evanp
Contributor
evanp commented May 27, 2012

If you pass no oauth_token, or an invalid oauth_token, to /oauth/authorize, the authenticate handler will be called regardless.

It may be useful to validate these before calling the authenticate handler.

Another option is to let the authenticate handler do the validation (which I think is the design right now).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment