Add comment clarifying how we validate client {ID, secret} in Gitlab

This commit is contained in:
Joseph Schorr 2017-01-24 15:20:19 -05:00
parent adb2ff0b81
commit 8573535b8c

View file

@ -30,6 +30,10 @@ class GitLabOAuthService(OAuthService):
return slash_join(self._endpoint(), '/oauth/token') return slash_join(self._endpoint(), '/oauth/token')
def validate_client_id_and_secret(self, http_client, app_config): def validate_client_id_and_secret(self, http_client, app_config):
# We validate the client ID and secret by hitting the OAuth token exchange endpoint with
# the real client ID and secret, but a fake auth code to exchange. Gitlab's implementation will
# return `invalid_client` as the `error` if the client ID or secret is invalid; otherwise, it
# will return another error.
url = self.token_endpoint() url = self.token_endpoint()
redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger') redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger')
data = { data = {