Skip to content

Fix stale docstring in nb_oauth_callback (describes pre-CSRF client state) #32

Description

@ianpatrickhines

Surfaced by independent review of PR #24 (#11). Trivial cleanup.

Problem

The handler() docstring in src/lambdas/nb_oauth_callback/handler.py still says the state parameter is {user_id, nb_slug, redirect_uri} carried from the client. After the CSRF hardening, state is an opaque single-use nonce validated server-side, and those fields come from the trusted DynamoDB record — not the client. The docstring will mislead the next engineer.

Acceptance Criteria

  • Docstring describes the current server-side-nonce state model
  • No logic change

Can be folded into another small PR. Source: PR #24 review.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions