X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/1c3a9ee62b7d1a0dc97d52b1a498be1339d49ebf..8090e086daad67eac711ad6fd6a5eba6f28d44fd:/app/models/request_token.rb

diff --git a/app/models/request_token.rb b/app/models/request_token.rb
index 0044dde26..6e4ec40c3 100644
--- a/app/models/request_token.rb
+++ b/app/models/request_token.rb
@@ -6,7 +6,7 @@ class RequestToken < OauthToken
     return false if authorized?
     self.user = user
     self.authorized_at = Time.now
-    self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10?
+    self.verifier = OAuth::Helper.generate_key(20)[0,20] unless oauth10?
     self.save
   end
 
@@ -21,7 +21,7 @@ class RequestToken < OauthToken
         params[p] = read_attribute(p)
       }
 
-      access_token = AccessToken.create(params)
+      access_token = AccessToken.create(params, :without_protection => true)
       invalidate!
       access_token
     end
@@ -36,7 +36,7 @@ class RequestToken < OauthToken
   end
 
   def oob?
-    self.callback_url=='oob'
+    callback_url.nil? || callback_url.downcase == 'oob'
   end
 
   def oauth10?