From 48fc0367c2092baf97b8e09f03a94e7fe1ecd890 Mon Sep 17 00:00:00 2001 From: Andy Zhao Date: Fri, 19 Mar 2021 11:53:37 -0700 Subject: [PATCH] authhandler: Reword comment regarding state in example --- authhandler/example_test.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/authhandler/example_test.go b/authhandler/example_test.go index f450590..a62b4e1 100644 --- a/authhandler/example_test.go +++ b/authhandler/example_test.go @@ -18,8 +18,10 @@ import ( // the auth URL to the console and prompts the user to authorize in the // browser and paste the auth code back via stdin. // -// Per the OAuth protocol, a unique "state" string should be sent and verified -// before exchanging auth code for OAuth token to prevent CSRF attacks. +// Per the OAuth protocol, a unique "state" string should be specified here. +// The authhandler token source will verify that the "state" is identical in +// the request and response before exchanging the auth code for OAuth token to +// prevent CSRF attacks. // // For convenience, this handler returns a pre-configured state instead of // asking the user to additionally paste the state from the auth response.