From c69d55bb512d94decee556862aea7cbff8c9081d Mon Sep 17 00:00:00 2001
From: Tareque Hossain <tareque@codexn.com>
Date: Mon, 6 Jun 2011 11:01:11 -0400
Subject: [PATCH] Added notes to specify distinction between 2-legged &
 3-legged requests.

---
 piston/oauth.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/piston/oauth.py b/piston/oauth.py
index 4cd1f88..ece37e9 100644
--- a/piston/oauth.py
+++ b/piston/oauth.py
@@ -360,6 +360,7 @@ def _split_header(header):
 
     def _split_url_string(param_str):
         """Turn URL string into parameters."""
+        # NOTE: Keep blank values to allow 2-legged OAuth request
         parameters = cgi.parse_qs(param_str, keep_blank_values=True)
         for k, v in parameters.iteritems():
             parameters[k] = urllib.unquote(v[0])
@@ -493,13 +494,16 @@ def _get_consumer(self, oauth_request):
 
     def _get_token(self, oauth_request, token_type='access'):
         """Try to find the token for the provided request token key."""
-        
+        # NOTE: OAuth standards specify that a 2-legged request must be accompanied by an empty token
+        # Following procedure will raise errors properly in absense of a blank token  
         token_field = oauth_request.get_parameter('oauth_token')
 
-        if not token_field:
-            # TODO: Figure out a way to distinguish 2-legged from 3-legged. Allow challenges for 3-legged scenario by raising OAuthError
+        # Check for blank token
+        if token_field == '':
+            # 2-legged request
             token = AnonymousToken(token_type)
         else:
+            # 3-legged request
             token = self.data_store.lookup_token(token_type, token_field)
 
         return token