OAuth 2.0 authorization and token exchange

Document TLS verification precondition on exchange_code/refresh_token

The library validates URL schemes but delegates TLS to the Requests.t
handle. The docs now state the precondition honestly: the handle must
have certificate verification enabled (the Requests.create default).

+10 -4
lib/oauth.mli
··· 249 249 (token_response, parse_token_error) result 250 250 (** [exchange_code http provider ~client_id ~client_secret ~code ~redirect_uri 251 251 ?code_verifier ()] exchanges an authorization code for an access token by 252 - POSTing to the provider's token endpoint over TLS (RFC 6749 §4.1.3). 252 + POSTing to the provider's token endpoint (RFC 6749 §4.1.3). 253 253 254 - When [~code_verifier] is provided, it is included per RFC 7636 §4.5. *) 254 + When [~code_verifier] is provided, it is included per RFC 7636 §4.5. 255 + 256 + [http] must have TLS certificate verification enabled (the default for 257 + {!Requests.create}). Passing a handle with [~verify_tls:false] voids the 258 + transport security guarantee. *) 255 259 256 260 val refresh_token : 257 261 Requests.t -> ··· 261 265 refresh_token:string -> 262 266 (token_response, parse_token_error) result 263 267 (** [refresh_token http provider ~client_id ~client_secret ~refresh_token] 264 - refreshes an access token by POSTing to the provider's token endpoint over 265 - TLS (RFC 6749 §6). *) 268 + refreshes an access token by POSTing to the provider's token endpoint (RFC 269 + 6749 §6). 270 + 271 + Same TLS requirement as {!exchange_code}. *) 266 272 267 273 val parse_token_response : string -> (token_response, parse_token_error) result 268 274 (** [parse_token_response body] parses a JSON token response body. *)
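Review bot: The new precondition on [http] in the exchange_code comment is stated but not enforced. The signature still accepts any Requests.t, so a handle created with ~verify_tls:false will carry client_secret, code and code_verifier over an unauthenticated connection and the caller still gets an ordinary result back. If Requests offers a way to inspect the handle's verification setting, consider rejecting such a handle with an error rather than relying on the comment; if it does not, say explicitly in the comment that the function performs no such check. Dropping "over TLS" from the first sentence also removes the only mention of HTTPS in this doc comment. Since the commit message says the library validates URL schemes, document that here: which schemes are accepted for the token endpoint and what is returned for any other.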
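Review bot: In the refresh_token comment, "Same TLS requirement as {!exchange_code}." makes the reader follow a cross-reference to learn a security precondition. Restate the requirement in full here, since this call sends the refresh token and client_secret on every refresh and is likely to be read on its own. The rewrap also splits the citation as "(RFC" at the end of one line and "6749 §6)." at the start of the next; keep "RFC 6749 §6" on a single line so the reference stays searchable.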