Not sure where this came from, whether original OAuth access project or what.
in the callback view there are these lines:
TODO: Check to make sure the session cookie is setting correctly
unauth_token = request.session.get("unauth_token", None)
this session var is never set elsewhere
the function OAuthAccess.check_token has code to check an unauthorized token, this code never gets called.
Currently we generate a new token (with new expiration date) every login. Because we don't know the FB user until the initiate a login - I'm not sure how we could really make use of an unauthorized token.
Not sure where this came from, whether original OAuth access project or what.
in the callback view there are these lines:
TODO: Check to make sure the session cookie is setting correctly
this session var is never set elsewhere
the function OAuthAccess.check_token has code to check an unauthorized token, this code never gets called.
Currently we generate a new token (with new expiration date) every login. Because we don't know the FB user until the initiate a login - I'm not sure how we could really make use of an unauthorized token.