From bf6b9fb99d903d11a8cda28439fe46b461b53e07 Mon Sep 17 00:00:00 2001
From: Ike McCreery
Date: Mon, 15 Jan 2024 15:58:57 -0500
Subject: [PATCH] Fix comments about csrf_state Clarify that the `state` parameter should be compared to the `csrf_token.secret()`. Fixes #208.
---
 src/lib.rs | 6 +++---
 src/types.rs | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lib.rs b/src/lib.rs
index 10a17be..8b9531f 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -131,7 +131,7 @@
 //!
 //! // Once the user has been redirected to the redirect URL, you'll have access to the
 //! // authorization code. For security reasons, your code should verify that the `state`
-//! // parameter returned by the server matches `csrf_state`.
+//! // parameter returned by the server matches `csrf_token.secret()`.
 //!
 //! // Now you can trade it for an access token.
 //! let token_result =
@@ -202,7 +202,7 @@
 //!
 //! // Once the user has been redirected to the redirect URL, you'll have access to the
 //! // authorization code. For security reasons, your code should verify that the `state`
-//! // parameter returned by the server matches `csrf_state`.
+//! // parameter returned by the server matches `csrf_token.secret()`.
 //!
 //! // Now you can trade it for an access token.
 //! let token_result = client
@@ -259,7 +259,7 @@
 //!
 //! // Once the user has been redirected to the redirect URL, you'll have the access code.
 //! // For security reasons, your code should verify that the `state` parameter returned by the
-//! // server matches `csrf_state`.
+//! // server matches `csrf_token.secret()`.
 //!
 //! # Ok(())
 //! # }
diff --git a/src/types.rs b/src/types.rs
index 398353f..9f8171f 100644
--- a/src/types.rs
+++ b/src/types.rs
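Review bot: The three corrected comments in src/lib.rs (the hunks at 131, 202 and 259) name the right value but still do not say what the application must do when the comparison fails, or that the check has to happen before the code exchange that follows. Readers tend to copy these examples as written, so I would add one more comment line after each corrected one: `//! // Reject the callback, without exchanging the code, if they differ.` The doc examples start and end outside these hunks, so whether any of them performs the comparison in code cannot be seen from here.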
@@ -594,7 +594,7 @@ new_secret_type![
 new_secret_type![
 ///
 /// Value used for [CSRF](https://tools.ietf.org/html/rfc6749#section-10.12) protection
- /// via the `state` parameter.
+ /// via the `state` parameter. Compare the `state` parameter to `self.secret()`.
 ///
 #[must_use]
 #[derive(Clone, Deserialize, Serialize)]
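Review bot: The sentence added to the `CsrfToken` doc comment says what to compare but not where the token has to live between the authorization request and the callback. The check only protects a user if the token was stored against that user's session when the authorization URL was generated, which is the binding that RFC 6749 section 10.12 (already linked in this comment) describes. I would add a line such as `/// Keep the token in the user's session and reject the callback if the values differ.` Since `secret()` presumably returns the raw value, recommending a constant-time comparison may also be worthwhile, though that is hardening rather than something this hunk shows to be required. The `new_secret_type!` invocation continues past the end of the hunk.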