Add oauth 2.0 state field as a parameter to requestAccessUri #58
Conversation
|
@bschwind fix me Sorry. sbt test doesn't work now. Because some tests depends on GitHub account status. About this PR, please modify method signature to use Option. def requestAccessUri(state: Option[String] = None, scope: String*) = {because your implementation might cause dangerous situation. val url = oauth.requestAccessUri("user", "repo")Above code specifies "user" and "repo" for scope. However, after your modification, above code means and to make matter worse, there is no chance for developers to be aware of this bug. To use Option and default parameter, I think we can avoid this situation. |
|
@shunjikonishi Unfortunately I don't think Scala allows that kind of method signature Do you think I should just make an overloaded method that takes a state parameter instead? |
|
Actually, overloading will also be confusing, so I think a new method with a different name is probably the best way to approach this. |
|
Ah, sorry. please remove default parameter. We can detect the problem by compile error, when we update lib. |
|
@shunjikonishi does anyone outside of givery use this library? |
|
I don't know. But probably not. (This library is not published to maven-central or typesafe) |
|
@shunjikonishi I think it's better to not touch the original method and just add an overloaded version. That way we won't break any older users of this library, and we can start using the state parameter. |
|
I'll merge this. |
@shunjikonishi please review
In order for an application to properly check the oauth
stateparameter, it needs to generate the field by itself and pass it in to the OAuth URL generation function. This is similar to how facebook4j handles it: http://facebook4j.org/javadoc/facebook4j/auth/OAuthSupport.html#getOAuthAuthorizationURL(java.lang.String, java.lang.String)sbt testwas failing for me before I made any changes, so I'm not sure if this breaks any tests or not.