Add comment clarifying how we validate client {ID, secret} in Gitlab

Joseph Schorr 2017-01-24 15:20:19 -05:00
parent adb2ff0b81
commit 8573535b8c


@ -30,6 +30,10 @@ class GitLabOAuthService(OAuthService):
return slash_join(self._endpoint(), '/oauth/token')
def validate_client_id_and_secret(self, http_client, app_config):
# We validate the client ID and secret by hitting the OAuth token exchange endpoint with
# the real client ID and secret, but a fake auth code to exchange. Gitlab's implementation will
# return `invalid_client` as the `error` if the client ID or secret is invalid; otherwise, it
# will return another error.
url = self.token_endpoint()
redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger')
data = {
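Review bot: The new comment in `validate_client_id_and_secret` treats every `error` other than `invalid_client` as proof that the credentials are good, but it does not say what happens when the reply is not an OAuth error at all (a timeout, a 5xx, or a non-JSON page from a mistyped endpoint). The response handling sits below `data = {`, outside this hunk, so I cannot tell whether those cases are separated; if they are not, a misconfigured endpoint would pass validation. The comment should also record that the real client secret is sent to `self.token_endpoint()`, which appears to be built from `self._endpoint()`, so the check is only safe over HTTPS to the intended GitLab host. Suggested addition: `# NOTE: this sends the real client secret to the configured endpoint; only a well-formed OAuth error other than invalid_client should count as success.`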