Document response_type in verify_client callback

payprop / net-oauth2-authorizationserver

Module to implement core functions of an OAuth2 authorization server

7 stars 10 forks source link

Document response_type in verify_client callback #7

Closed mrenvoize closed 7 years ago

mrenvoize commented 7 years ago

This clarifies the documentation for the verify_client callback subroutine signature and also updates the example too.

mrenvoize commented 7 years ago

Pretty sure this resolves issue #4. The default _verify_client code found within ImplicitGrant appears to take account response type inherently without the need to response_type being passed (::Plugin::OAuth2::Server traps that we're in an ImplicitGrant situation before the verify_callback is called so directs us to the right callback (so long as the callbacks aren't overridden and therefore shared between grant types).

I've therefore tried to resolve this documentation clarification.

coveralls commented 7 years ago

Coverage remained the same at 97.802% when pulling da2131a1ee58ab7d32019b8b20f8fbc3aa4b9007 on mrenvoize:response_type into a335511b799df90e29bad2d8b577ee85c63757f5 on Humanstate:master.

mrenvoize commented 7 years ago

We could further enforce this by requiring response_type be passed to, and equal to 'token', _verify_client for this grant type which may add further code clarity.. But I'm not entirely sure it's required with these documentation updates in place?

leejo commented 7 years ago

Merged, thanks! I'll hold back on building a release for CPAN until the other issues/PRs are done/tweaked.