From b73a17d49bbd15c925845128a23b15d8687cc37d Mon Sep 17 00:00:00 2001
From: Janak Amarasena <janakamarasena@gmail.com>
Date: Thu, 14 Sep 2023 23:24:04 +0530
Subject: [PATCH] api auth init

---
 .../authentication/framework/AuthenticationService.java     | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.java
index 19b1dbc5c1e..aafdf25c779 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.java
@@ -62,7 +62,12 @@ public class AuthenticationService {
      * @throws AuthServiceException If an error occurs while handling the authentication request.
      */
     public AuthServiceResponse handleAuthentication(AuthServiceRequest authRequest) throws AuthServiceException {
+        /* TODO: check if the application contains an authenticator that
+            doesn't support api based auth and throw an error.
 
+            alternative: remove any steps that doesn't support api based auth.
+            If there are no steps that support api based auth then fail.
+         */
         AuthServiceRequestWrapper wrappedRequest = getWrappedRequest(authRequest.getRequest(),
                 authRequest.getParameters());
         AuthServiceResponseWrapper wrappedResponse = getWrappedResponse(authRequest.getResponse());
@@ -90,6 +95,7 @@ private AuthServiceResponse processCommonAuthResponse(AuthServiceRequestWrapper
             throws AuthServiceException {
 
         AuthServiceResponse authServiceResponse = new AuthServiceResponse();
+        // handle user abort
 
         if (isAuthFlowSuccessful(request)) {
             handleSuccessAuthResponse(request, response, authServiceResponse);