Closed tomhughes closed 12 years ago
pelle
commented
12 years ago OAuth 1.0 has a serious security issue, which was fixed in OAuth 1.0a. The current code correctly supports 1.0a, but I'd prefer not to have code that supports the insecure authorization model in the repo.
tomhughes
commented
12 years ago Well if you're not going to support it you should probably remove the explanation of how to enable it from the documentation ;-)
pelle
commented
12 years ago Thanks, that is actually a very good point.
The merging of the oauth1 and oauth2 providers in 810348163121c6e446b2a4946671c2d12c4ede5f accidentally lost the code which handled callbacks for 1.0 clients. This commit restores that support.