Fixed a comment error and a hard-coded string.

2 files changed, 3 insertions, 2 deletions

diff --git a/samples/OAuthAuthorizationServer/Views/OAuth/Authorize.aspx b/samples/OAuthAuthorizationServer/Views/OAuth/Authorize.aspx
index 7f067a8..94480f1 100644
--- a/samples/OAuthAuthorizationServer/Views/OAuth/Authorize.aspx
+++ b/samples/OAuthAuthorizationServer/Views/OAuth/Authorize.aspx
@@ -35,7 +35,7 @@
 		<%= Html.Hidden("redirect_uri", Model.AuthorizationRequest.Callback) %>
 		<%= Html.Hidden("state", Model.AuthorizationRequest.ClientState) %>
 		<%= Html.Hidden("scope", OAuthUtilities.JoinScopes(Model.AuthorizationRequest.Scope)) %>
-		<%= Html.Hidden("response_type", "code") %>
+		<%= Html.Hidden("response_type", Model.AuthorizationRequest.ResponseType == DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationResponseType.AccessToken ? "token" : "code") %>
 		<div style="display: none" id="responseButtonsDiv">
 			<input type="submit" value="Yes" onclick="document.getElementsByName('IsApproved')[0].value = true; return true;" />
 			<input type="submit" value="No" onclick="document.getElementsByName('IsApproved')[0].value = false; return true;" />
diff --git a/src/DotNetOpenAuth/OAuth2/Messages/EndUserAuthorizationRequest.cs b/src/DotNetOpenAuth/OAuth2/Messages/EndUserAuthorizationRequest.cs
index 802aed6..bee1cae 100644
--- a/src/DotNetOpenAuth/OAuth2/Messages/EndUserAuthorizationRequest.cs
+++ b/src/DotNetOpenAuth/OAuth2/Messages/EndUserAuthorizationRequest.cs
@@ -78,7 +78,8 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 		/// An opaque value that Clients can use to maintain state associated with this request. 
 		/// </value>
 		/// <remarks>
-		/// REQUIRED. The client identifier as described in Section 3.4  (Client Credentials). 
+		/// This data is proprietary to the client and should be considered an opaque string to the
+		/// authorization server.
 		/// </remarks>
 		[MessagePart(Protocol.state, IsRequired = false)]
 		public string ClientState { get; set; }