auth
auth/client.go
Let's test our verifyClient function. C'mon, it'll be fun! Add a function that tests the verifyClient function to our unit test suite. Basically, make sure that all the conceivable types of input have the right logic flow for what a "valid client" is. Also leave a note in client.go that makes it clear that public clients _should not be issued secrets in the first place_, because a public client that is issued a secret and specifies its client ID using the `client_id` POST body format will be told that it is not a valid client. While there are ways around this, the spec clearly states that non-confidential clients are not supposed to be issued secrets, so this seems like a nice way to conform to the spec or break trying.
1.1 --- a/client.go Sat Jan 10 01:52:01 2015 -0500 1.2 +++ b/client.go Sat Jan 10 04:09:46 2015 -0500 1.3 @@ -147,7 +147,7 @@ 1.4 renderJSONError(enc, "server_error") 1.5 return nil, false 1.6 } 1.7 - if client.Secret != clientSecret { 1.8 + if client.Secret != clientSecret { // it's important that any client deemed "public" is not issued a client secret. 1.9 w.WriteHeader(http.StatusUnauthorized) 1.10 if fromAuthHeader { 1.11 w.Header().Set("WWW-Authenticate", "Basic")
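Review bot: the changed line (1.8) still compares the secret with `!=`, which is not a constant-time comparison and can leak how much of a guessed secret matched. Assuming both values are strings, `subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1` from `crypto/subtle` would avoid that. The new trailing comment states the rule but not the consequence the commit message describes: a public client that was issued a secret and identifies itself with `client_id` in the POST body will be rejected here. That reasoning belongs in a comment above the `if` rather than at the end of the line. Separately, in the context lines 1.9 to 1.11, `w.WriteHeader(http.StatusUnauthorized)` runs before `w.Header().Set("WWW-Authenticate", "Basic")`. net/http ignores header changes made after `WriteHeader`, so the challenge header is never sent; set the header first, then write the status.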