Closed mrenvoize closed 7 years ago
Pretty sure this resolves issue #4. The default _verify_client code found within ImplicitGrant appears to take account response type inherently without the need to response_type being passed (::Plugin::OAuth2::Server traps that we're in an ImplicitGrant situation before the verify_callback is called so directs us to the right callback (so long as the callbacks aren't overridden and therefore shared between grant types).
I've therefore tried to resolve this documentation clarification.
We could further enforce this by requiring response_type be passed to, and equal to 'token', _verify_client for this grant type which may add further code clarity.. But I'm not entirely sure it's required with these documentation updates in place?
Merged, thanks! I'll hold back on building a release for CPAN until the other issues/PRs are done/tweaked.
This clarifies the documentation for the verify_client callback subroutine signature and also updates the example too.