From 05a4a6c4a8c9cdd11bbff2266010a1fc32a226db Mon Sep 17 00:00:00 2001
From: Stuart Heap <sheap13@gmail.com>
Date: Wed, 1 Sep 2021 17:12:05 +0200
Subject: [PATCH] comment updates

---
 src/api/identity.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/api/identity.rs b/src/api/identity.rs
index f7bc54df..f36b362b 100644
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -610,6 +610,8 @@ fn authorize(
     let state_decoded = &state.percent_decode().expect("Invalid state").into_owned();
     let client = get_client_from_identifier(domain_hint_decoded, &conn);
 
+    // TODO store the nonce for validation on authorization token exchange - unclear where to store
+    // this
     let (mut authorize_url, _csrf_state, _nonce) = client
         .authorize_url(
             AuthenticationFlow::<CoreResponseType>::AuthorizationCode,
@@ -621,7 +623,7 @@ fn authorize(
         .url();
 
     // it seems impossible to set the state going in dynamically (requires static lifetime string)
-    // so I change it after the fact (will it work? Let's find out)
+    // so I change it after the fact
     let old_pairs = authorize_url.query_pairs().clone();
     let new_pairs = old_pairs.map(|pair| {
         let (key, value) = pair;