author | Braedon Vickers <braedon.vickers@gmail.com> | 2020-01-21 19:45:29 +0800 |
---|---|---|
committer | Braedon Vickers <braedon.vickers@gmail.com> | 2020-01-21 19:45:29 +0800 |
commit | 89cf685d0299744fe3be6d7c0fa8429b945a4d67 (patch) | |
tree | b0bfcc1637da3a0876aa29a4be2bbd502e11ab62 /tests | |
parent | a09a2ce979b886e81eb4e7fd3794ae4a050ff8fb (diff) | |
download | oauthlib-89cf685d0299744fe3be6d7c0fa8429b945a4d67.tar.gz |
Rework client authentication in SkeletonValidator for clarity

SkeletonValidator was seemingly written to not support public clients at
all. Its authenticate_client_id() explicitly returned `False`, rather than
`pass`-ing like the other methods, and client_authentication_required()
was missing entirely (the default implementation always returns `True`).
This opinionated approach is confusing, especially when writing an
implementation that allows public clients.

The comment on the authenticate_client_id() method is particularly
confusing. Unlike the comments on other methods, which explain the method,
it explains the implementation (returning `False`). As a result, it appears
to say the method should return `False` for public clients, when it should
actually return `False` for confidential clients (and `True` for valid
public clients).

To reduce this confusion, include a client_authentication_required() stub,
`pass` rather than returning `False` in authenticate_client_id(), and
update its comment to describe the method.
Diffstat (limited to 'tests')
0 files changed, 0 insertions, 0 deletions
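
The return-value contract described in the commit message, as an added example that is not part of the commit or of oauthlib's code. It does not import oauthlib: the three method names and signatures follow oauthlib's `RequestValidator`, while `ExampleValidator`, the constructed `CLIENTS` registry and the `token_endpoint_accepts` helper (a simplified stand-in for the check a token endpoint performs) are hypothetical.

```python
import hmac
from types import SimpleNamespace

# Constructed client registry: a secret of None marks a public client.
CLIENTS = {
    "web-backend": {"secret": "s3cr3t-constructed"},  # confidential client
    "mobile-app": {"secret": None},                    # public client
}


class ExampleValidator:
    """Duck-typed stand-in that uses oauthlib's RequestValidator method names."""

    def client_authentication_required(self, request, *args, **kwargs):
        client = CLIENTS.get(request.client_id)
        # Unknown and confidential clients must authenticate, and so must
        # any request that presents a secret.
        return (client is None or client["secret"] is not None
                or request.client_secret is not None)

    def authenticate_client(self, request, *args, **kwargs):
        client = CLIENTS.get(request.client_id)
        if client is None or client["secret"] is None:
            return False
        if request.client_secret is None:
            return False
        # Constant-time comparison of the presented and registered secrets.
        return hmac.compare_digest(client["secret"], request.client_secret)

    def authenticate_client_id(self, client_id, request, *args, **kwargs):
        # True only for a registered public client. False for confidential
        # clients, so they can never be accepted on client_id alone.
        client = CLIENTS.get(client_id)
        return client is not None and client["secret"] is None


def token_endpoint_accepts(validator, client_id, client_secret=None):
    """Hypothetical helper: ask whether authentication is required, then
    call the matching authenticate_* method."""
    request = SimpleNamespace(client_id=client_id, client_secret=client_secret)
    if validator.client_authentication_required(request):
        return validator.authenticate_client(request)
    return validator.authenticate_client_id(client_id, request)


if __name__ == "__main__":
    v = ExampleValidator()
    for cid, secret in [("mobile-app", None), ("web-backend", None),
                        ("web-backend", "s3cr3t-constructed")]:
        print(cid, secret, token_endpoint_accepts(v, cid, secret))
```

If `authenticate_client_id()` returned `True` for every registered client and `client_authentication_required()` were overridden to return `False`, the confidential `web-backend` client would be accepted with no secret at all.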