Code review comment for lp:~xnox/launchpad/devel

> This seems to remove the test that verifies the behaviour that every existing
> Launchpad API client relies on. Why do you want to change the behaviour in the
> first place?

Right, i'll readd it back again. At the moment it exposes a bug though, since header-signature type doesn't appear to invalidate request token, thus one can exchange for access token unlimited amount of times. Only body-signature type seems to correctly raise 401 upon subsequent requests.

So at the moment the test change exposes buggy behaviour with header-signature. I'll make sure to re-introduce body-signature tests and test header-signatures separately.

----------------------------------------------------------------------
File "lib/lp/services/oauth/stories/access-token.txt", line 42, in access-token.txt
Failed example:
    auth_browser.open(
        'http://launchpad.dev/+access-token')
Differences (ndiff with -expected +actual):
    - Traceback (most recent call last):
    - ...
    - HTTPError: HTTP Error 401: Unauthorized