author: Braedon Vickers <braedon.vickers@gmail.com> 2020-01-21 19:45:29 +0800
committer: Braedon Vickers <braedon.vickers@gmail.com> 2020-01-21 19:45:29 +0800
commit: 89cf685d0299744fe3be6d7c0fa8429b945a4d67
tree: b0bfcc1637da3a0876aa29a4be2bbd502e11ab62 /docs/oauth2/server.rst
parent: a09a2ce979b886e81eb4e7fd3794ae4a050ff8fb
download: oauthlib-89cf685d0299744fe3be6d7c0fa8429b945a4d67.tar.gz
Rework client authentication in SkeletonValidator for clarity
SkeletonValidator was seemingly written to not support public clients at all. Its authenticate_client_id() explicitly returned `False`, rather than `pass`-ing like the other methods, and client_authentication_required() was missing entirely (the default implementation always returns `True`). This opinionated approach is confusing, especially when writing an implementation that allows public clients.

The comment on the authenticate_client_id() method is particularly confusing. Unlike the comments on other methods, which explain the method, it explains the implementation (returning `False`). As a result, it appears to say the method should return `False` for public clients, when it should actually return `False` for confidential clients (and `True` for valid public clients).

To reduce this confusion, include a client_authentication_required() stub, `pass` rather than returning `False` in authenticate_client_id(), and update its comment to describe the method.
Diffstat (limited to 'docs/oauth2/server.rst')
0 files changed, 0 insertions, 0 deletions