
Merge pull request #58 from 13k/master

Omit client_secret from the authorization url
2 parents 4321b76 + 02627eb commit 65f723ae9f328d2b429d977af6a9a719b6e3ebd8 @shayne shayne committed Feb 21, 2013
Showing with 21 additions and 4 deletions.
  1. +7 −1 lib/instagram/oauth.rb
  2. +14 −3 spec/instagram/api_spec.rb
@@ -4,7 +4,7 @@ module OAuth
# Return URL for OAuth authorization
def authorize_url(options={})
options[:response_type] ||= "code"
- params = access_token_params.merge(options)
+ params = authorization_params.merge(options)
connection.build_url("/oauth/authorize/", params).to_s
end
@@ -17,6 +17,12 @@ def get_access_token(code, options={})
private
+ def authorization_params
+ {
+ :client_id => client_id
+ }
+ end
+
def access_token_params
{
:client_id => client_id,
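Review bot: `authorize_url` still merges the caller's `options` on top of `authorization_params`, so an options hash that carries `:client_secret` would put the secret back into the browser-facing URL, where it can end up in browser history, Referer headers and server logs. Dropping that key after the merge would make the guarantee hold regardless of input, e.g. `params = authorization_params.merge(options).reject { |key, _| key.to_s == "client_secret" }`. The new helper would also benefit from a comment saying why it is separate from `access_token_params`, such as `# Public parameters only: this hash is serialized into a URL the user's browser loads`. Both `access_token_params` and the enclosing module continue outside the hunks, so the remaining keys of `access_token_params` are not visible here.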
@@ -75,13 +75,24 @@
redirect_uri = 'http://localhost:4567/oauth/callback'
url = client.authorize_url(:redirect_uri => redirect_uri)
- params2 = client.send(:access_token_params).merge(params)
- params2[:redirect_uri] = redirect_uri
- params2[:response_type] = "code"
+ options = {
+ :redirect_uri => redirect_uri,
+ :response_type => "code"
+ }
+ params2 = client.send(:authorization_params).merge(options)
+
url2 = client.send(:connection).build_url("/oauth/authorize/", params2).to_s
url2.should == url
end
+
+ it "should not include client secret in URL params" do
+ params = { :client_id => "CID", :client_secret => "CS" }
+ client = Instagram::Client.new(params)
+ redirect_uri = 'http://localhost:4567/oauth/callback'
+ url = client.authorize_url(:redirect_uri => redirect_uri)
+ url.should_not include("client_secret")
+ end
end
describe ".get_access_token" do
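Review bot: The new example only asserts that the parameter name `client_secret` is absent from the URL, so a regression that emitted the secret's value under a different key would still pass. A distinctive fixture value (constructed sample: `:client_secret => "s3cr3t-fixture"`) with a second assertion `url.should_not include("s3cr3t-fixture")` would cover the value as well as the name. The preceding example rebuilds the expected URL through the private `authorization_params` helper, so it mirrors the implementation and cannot catch a leak by itself. That leaves this example as the only guard and makes the stronger assertion worthwhile. The enclosing `describe` block starts outside the hunk.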
