Add messaging around required params for oauth. Style fixes.

endpoints/web.py

@@ -14,7 +14,7 @@ from auth.permissions import AdministerOrganizationPermission
 from util.invoice import renderInvoiceToPdf
 from util.seo import render_snapshot
 from util.cache import no_cache
-from endpoints.common import common_login, render_page_template, route_show_if, route_hide_if
+from endpoints.common import common_login, render_page_template, route_show_if, param_required
 from endpoints.csrf import csrf_protect, generate_csrf_token
 from util.names import parse_repository_name
 from util.gravatar import compute_hash
@@ -190,9 +190,9 @@ def receipt():
     abort(401)
     return
 
-  id =  request.args.get('id')
-  if id:
-    invoice = stripe.Invoice.retrieve(id)
+  invoice_id = request.args.get('id')
+  if invoice_id:
+    invoice = stripe.Invoice.retrieve(invoice_id)
     if invoice:
       user_or_org = model.get_user_or_org_by_customer_id(invoice.customer)
       
@@ -315,6 +315,9 @@ def deny_application():
 
 @web.route('/oauth/authorize', methods=['GET'])
 @no_cache
+@param_required('client_id')
+@param_required('redirect_uri')
+@param_required('scope')
 def request_authorization_code():
   provider = FlaskAuthorizationProvider()
   response_type = request.args.get('response_type', 'code')
@@ -364,6 +367,12 @@ def request_authorization_code():
 
 @web.route('/oauth/access_token', methods=['POST'])
 @no_cache
+@param_required('grant_type')
+@param_required('client_id')
+@param_required('client_secret')
+@param_required('redirect_uri')
+@param_required('code')
+@param_required('scope')
 def exchange_code_for_token():
   grant_type = request.form.get('grant_type', None)
   client_id = request.form.get('client_id', None)