Add comment clarifying how we validate client {ID, secret} in Gitlab
parent
adb2ff0b81
commit
8573535b8c
1 changed files with 4 additions and 0 deletions
|
@ -30,6 +30,10 @@ class GitLabOAuthService(OAuthService):
|
||||||
return slash_join(self._endpoint(), '/oauth/token')
|
return slash_join(self._endpoint(), '/oauth/token')
|
||||||
|
|
||||||
def validate_client_id_and_secret(self, http_client, app_config):
|
def validate_client_id_and_secret(self, http_client, app_config):
|
||||||
|
# We validate the client ID and secret by hitting the OAuth token exchange endpoint with
|
||||||
|
# the real client ID and secret, but a fake auth code to exchange. Gitlab's implementation will
|
||||||
|
# return `invalid_client` as the `error` if the client ID or secret is invalid; otherwise, it
|
||||||
|
# will return another error.
|
||||||
url = self.token_endpoint()
|
url = self.token_endpoint()
|
||||||
redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger')
|
redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger')
|
||||||
data = {
|
data = {
|
||||||
|
|
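Review bot: The comment added above `url = self.token_endpoint()` says what GitLab returns for bad credentials, but not what this method accepts as proof of good ones; "another error" is left open. The rest of validate_client_id_and_secret lies outside the hunk, so I cannot see how the response is classified. If anything other than `invalid_client` counts as valid, a timeout, a 5xx or a non-JSON body from a misconfigured endpoint would also pass validation. I would name the expected outcome in the comment, e.g. `# Valid credentials with the fake code should yield invalid_grant (RFC 6749 section 5.2); treat transport failures or unparseable bodies as "not validated".` It is also worth a line noting that this probe sends the real client secret to whatever endpoint is configured, so that endpoint should be HTTPS and trusted before this runs.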