delta/python-packages/oauthlib.git/examples/skeleton_oauth2_web_application_server.py, branch 3.2.2 github.com: idan/oauthlib.git Rework client authentication in SkeletonValidator for clarity 2020-01-21T11:45:29+00:00 Braedon Vickers braedon.vickers@gmail.com 2020-01-21T11:45:29+00:00 89cf685d0299744fe3be6d7c0fa8429b945a4d67 SkeletonValidator was seemingly written to not support public clients at all. Its authenticate_client_id() explicitly returned `False`, rather than `pass`-ing like the other methods, and client_authentication_required() was missing entirely (the default implementation always returns `True`). This opinionated approach is confusing, especially when writing an implementation that allows public clients. The comment on the authenticate_client_id() method is particularly confusing. Unlike the comments on other methods, which explain the method, it explains the implementation (returning `False`). As a result, it appears to say the method should return `False` for public clients, when it should actually return `False` for confidential clients (and `True` for valid public clients). To reduce this confusion, include a client_authentication_required() stub, `pass` rather than returning `False` in authenticate_client_id(), and update its comment to describe the method. 
SkeletonValidator was seemingly written to not support public clients at
all. Its authenticate_client_id() explicitly returned `False`, rather than
`pass`-ing like the other methods, and client_authentication_required()
was missing entirely (the default implementation always returns `True`).

This opinionated approach is confusing, especially when writing an
implementation that allows public clients.

The comment on the authenticate_client_id() method is particularly
confusing. Unlike the comments on other methods, which explain the method,
it explains the implementation (returning `False`). As a result, it appears
to say the method should return `False` for public clients, when it should
actually return `False` for confidential clients (and `True` for valid
public clients).

To reduce this confusion, include a client_authentication_required() stub,
`pass` rather than returning `False` in authenticate_client_id(), and
update its comment to describe the method.
Remove usage of "state" for code/token response. 2019-02-22T10:12:49+00:00 Jonathan Huot jonathan.huot@thomsonreuters.com 2019-02-22T10:12:49+00:00 54db1bfd65d1d17d1d45c12c8626b9e7fa84e694 






Add request argument to confirm_redirect_uri (#504) (#504)
2018-04-13T08:27:01+00:00

Jimmy Thrasibule
jimmy@thrasibule.mx

2018-04-13T08:27:01+00:00

d49b9f02a821dca920c89b24540485da3b96bf1e












Convert readthedocs link for their .org -> .io migration for hosted projects (#427)
2016-05-31T07:52:57+00:00

Adam Chainz
me@adamj.eu

2016-05-31T07:52:57+00:00

d489d9023f569e327c315aad7f70622732153158

As per [their blog post of the 27th April](https://blog.readthedocs.com/securing-subdomains/) ‘Securing subdomains’:

> Starting today, Read the Docs will start hosting projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user generated data on the same domain as our dashboard.

Test Plan: Manually visited all the links I’ve modified.




As per [their blog post of the 27th April](https://blog.readthedocs.com/securing-subdomains/) ‘Securing subdomains’:

> Starting today, Read the Docs will start hosting projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user generated data on the same domain as our dashboard.

Test Plan: Manually visited all the links I’ve modified.






send no state in the access token response
2015-07-03T15:29:50+00:00

gunnar
gunnar@g10f.de

2015-07-03T15:29:50+00:00

8748c6e0e9a66e5b153dac528b313823c152bd19












changing server example to reflect changes to request validator in 035d46c73ab7feb4719e4642dafc9bb21aa8bd2c
2013-06-21T14:57:48+00:00

Clint Ecker
me@clintecker.com

2013-06-21T14:57:48+00:00

2f42009a5e6a4893c4272b397b1456a225e74d5f












Remove django+decorator bits of skeleton example.
2013-05-31T11:27:34+00:00

Ib Lundgren
ib.lundgren@gmail.com

2013-05-31T11:27:34+00:00

81e5781760224900f2dbbf38ef6718ff59a0e344












Fix extracting of scope values from POST
2013-05-23T14:41:00+00:00

Stéphane Raimbault
stephane.raimbault@gmail.com

2013-05-23T14:28:33+00:00

7adc247d399cd3d90d6692a4f82cb170b2bdc012

Many inputs with same name are stored in a list.





Many inputs with same name are stored in a list.







The argument request is missing in validate_code() in examples
2013-05-23T14:41:00+00:00

Stéphane Raimbault
stephane.raimbault@gmail.com

2013-05-22T15:05:02+00:00

f6304e22ae3f8e4a3f9431a6e4455c90b4e2de0a












Fix some typo
2013-05-16T09:08:51+00:00

Eunchong Yu
kroisse@gmail.com

2013-05-16T09:08:51+00:00

9da6a06fd586dded554923493ded1340f2cdd22a