diff options
author | Ib Lundgren <ib.lundgren@gmail.com> | 2013-01-15 12:48:53 -0800 |
---|---|---|
committer | Ib Lundgren <ib.lundgren@gmail.com> | 2013-01-15 12:48:53 -0800 |
commit | a12625ad9aa6d6a177d3d788f7014385f7a6d83d (patch) | |
tree | 18cf917c3251181c3f8ed62607b826a04dbf9d55 /oauthlib/oauth1/rfc5849/__init__.py | |
parent | 11580381ce36a7e1a601e3881562da5c59eb9633 (diff) | |
parent | 4d64a2c6ea6ae80e43130186a4266f90175b4590 (diff) | |
download | oauthlib-a12625ad9aa6d6a177d3d788f7014385f7a6d83d.tar.gz |
Merge pull request #92 from metatoaster/oauth1_callback_verify
Test for callback verification for OAuth1 provider.
Diffstat (limited to 'oauthlib/oauth1/rfc5849/__init__.py')
-rw-r--r-- | oauthlib/oauth1/rfc5849/__init__.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/oauthlib/oauth1/rfc5849/__init__.py b/oauthlib/oauth1/rfc5849/__init__.py index cb7d0f3..465d779 100644 --- a/oauthlib/oauth1/rfc5849/__init__.py +++ b/oauthlib/oauth1/rfc5849/__init__.py @@ -657,7 +657,7 @@ class Server(object): def verify_request(self, uri, http_method='GET', body=None, headers=None, require_resource_owner=True, require_verifier=False, - require_realm=False, required_realm=None): + require_realm=False, required_realm=None, require_callback=False): """Verifies a request ensuring that the following is true: Per `section 3.2`_ of the spec. @@ -816,9 +816,14 @@ class Server(object): if not valid_client: client_key = self.dummy_client - # Ensure a valid redirection uri is used - valid_redirect = self.validate_redirect_uri(request.client_key, - request.callback_uri) + # Callback is normally never required, except for requests for + # a Temporary Credential as described in `Section 2.1`_ + # .._`Section 2.1`: http://tools.ietf.org/html/rfc5849#section-2.1 + if require_callback: + valid_redirect = self.validate_redirect_uri(request.client_key, + request.callback_uri) + else: + valid_redirect = True # The server SHOULD return a 401 (Unauthorized) status code when # receiving a request with invalid or expired token. |