diff --git a/src/kyclogic/plugin_kyclogic_oauth2.c b/src/kyclogic/plugin_kyclogic_oauth2.c index d4aaf4494..228525e28 100644 --- a/src/kyclogic/plugin_kyclogic_oauth2.c +++ b/src/kyclogic/plugin_kyclogic_oauth2.c @@ -514,6 +514,11 @@ initiate_task (void *cls) pd->client_id, redirect_uri_encoded); GNUNET_free (redirect_uri_encoded); + /* FIXME-API: why do we *redirect* the client here, + instead of making the HTTP request *ourselves* + and forwarding the response? This prevents us + from using authentication on initiation, + (which is desirable for challenger!) */ ih->cb (ih->cb_cls, TALER_EC_NONE, url,