Hi!
Sessions aren't used in case of token based authentication.
But Oauth1 uses sessions and trying to get oauth_token and oauth_token_secret parameters from session store.
So if these parameters aren't in session store they will be added from POST request data to session object manually.
If sessions aren't used by developers they should add oauth_token_secret to request.
Coverage remained the same at ?% when pulling a28539e6bf6c7c97460591b6e0de838e28729471 on AntonDatsik:master into b0b6e111282d2e024059388f62430cc46b91ac09 on st4lk:master.
Hi! Sessions aren't used in case of token based authentication. But Oauth1 uses sessions and trying to get oauth_token and oauth_token_secret parameters from session store. So if these parameters aren't in session store they will be added from POST request data to session object manually. If sessions aren't used by developers they should add oauth_token_secret to request.
What are your thoughts about that?