Comment about the token endpoint not checking auth in the FakeOidcServer

matrix-org · Oct 24, 2022 · a6fec41 · a6fec41
1 parent a973c91
commit a6fec41
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/tests/test_utils/oidc.py b/tests/test_utils/oidc.py
@@ -277,6 +277,9 @@ async def _request(
             params = parse_qs(data.decode("utf-8"))
 
             if uri == self.token_endpoint:
+                # Even though this endpoint should be protected, this does not check
+                # for client authentication. We're not checking it for simplicity, 
+                # and because client authentication is tested in other standalone tests.
                 return self.post_token_handler(params)
 
         elif method == "GET":