OAuth 2.0 authorization and token exchange
Keep parse_token_response public, drop the "prefer" note
parse_token_response is a pure JSON parser — it doesn't produce or
transmit secrets. Removing it would destroy 9 valuable edge-case
tests (invalid JSON, missing fields, token_type validation) with no
security benefit. The transport security boundary is at exchange_code
and refresh_token, not at the parser.
+1
-2
+1
-2
lib/oauth.mli
+1
-2
lib/oauth.mli
···
265
265
TLS (RFC 6749 §6). *)
266
266
267
267
val parse_token_response : string -> (token_response, parse_token_error) result
268
-
(** [parse_token_response body] parses a JSON token response. Prefer
269
-
{!exchange_code} and {!refresh_token} which handle the HTTP transport. *)
268
+
(** [parse_token_response body] parses a JSON token response body. *)
270
269
271
270
val pp_parse_token_error : Format.formatter -> parse_token_error -> unit
272
271