GET /oauth/authorize doesn't validate oauth_token parameter #102

evanp opened this Issue May 27, 2012 · 0 comments


None yet

1 participant

evanp commented May 27, 2012

If you pass no oauth_token, or an invalid oauth_token, to /oauth/authorize, the authenticate handler will be called regardless.

It may be useful to validate these before calling the authenticate handler.

Another option is to let the authenticate handler do the validation (which I think is the design right now).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment