author: Chad Whitacre <chad@zetaweb.com> 2014-09-22 10:07:03 -0400
committer: Chad Whitacre <chad@zetaweb.com> 2014-09-22 10:07:03 -0400
commit: c49028af26b89ebdc08a72d3cebbf553fa0ddef6
tree: 42ef8c9b6cf99343a4f6ec3fc37889e849a69e0a /docs/oauth2
parent: 0544857516745f4ba6c9829702253e17c9f77458
Add documentation of OAUTHLIB_STRICT_TOKEN_TYPE
Diffstat (limited to 'docs/oauth2')
-rw-r--r-- docs/oauth2/tokens/tokens.rst 9
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/oauth2/tokens/tokens.rst b/docs/oauth2/tokens/tokens.rst
index 3273f77..b565c6b 100644
--- a/docs/oauth2/tokens/tokens.rst
+++ b/docs/oauth2/tokens/tokens.rst
@@ -9,6 +9,15 @@ spec matures) can easily be added (and will be in due time).
The purpose of a token is to authorize access to protected resources to a client
(i.e. your G+ feed).
+The spec `requires`_ a ``token_type`` in access token responses, but some
+providers, notably Facebook, do not provide this information. Per the
+`robustness principle`_, we default to the ``Bearer`` token type if this value
+is missing. You can force a ``MissingTokenTypeError`` exception instead, by
+setting ``OAUTHLIB_STRICT_TOKEN_TYPE`` in the environment.
+
+.. _requires: http://tools.ietf.org/html/rfc6749#section-5.1
+.. _robustness principle: http://en.wikipedia.org/wiki/Robustness_principle
+
.. toctree::
:maxdepth: 2
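
Review bot: The last sentence of the added paragraph ("setting ``OAUTHLIB_STRICT_TOKEN_TYPE`` in the environment") does not say which value enables strict mode, so a reader cannot tell whether the variable only needs to be present or whether values such as an empty string or ``0`` leave the lenient default in place. Please state the exact condition and give one concrete setting. Since the paragraph itself says the spec requires ``token_type``, it would also help to say that the ``Bearer`` fallback is a deliberate deviation applied to every provider, not only the ones that omit the field, and to recommend strict mode for clients that talk only to compliant providers, so that a malformed token response fails with ``MissingTokenTypeError`` instead of being accepted silently. Minor: both link targets use ``http://``; ``https://`` would be preferable if those hosts serve it.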