authorPieter Ennes <pieter@ennes.nl>2018-08-12 21:44:53 +0100
committerGitHub <noreply@github.com>2018-08-12 21:44:53 +0100
commitdaea09070c868609384e855e7929922faed9baae (patch)
tree0104822f0e9c122675faacb147298c939fd1e433 /oauthlib
parent048befd55de7924fd3414fe6a24a28eaaaba2a66 (diff)
parentd5d843de71e2ddd6da913971f42beec890f5c3b7 (diff)
downloadoauthlib-daea09070c868609384e855e7929922faed9baae.tar.gz
Merge branch 'master' into master
Diffstat (limited to 'oauthlib')
-rw-r--r--oauthlib/__init__.py2
-rw-r--r--oauthlib/common.py2
-rw-r--r--oauthlib/oauth2/rfc6749/parameters.py7
-rw-r--r--oauthlib/oauth2/rfc6749/request_validator.py9
-rw-r--r--oauthlib/openid/connect/core/grant_types/base.py6
5 files changed, 12 insertions, 14 deletions
diff --git a/oauthlib/__init__.py b/oauthlib/__init__.py
index b7586d2..bc5d96b 100644
--- a/oauthlib/__init__.py
+++ b/oauthlib/__init__.py
@@ -5,7 +5,7 @@
A generic, spec-compliant, thorough implementation of the OAuth
request-signing logic.
- :copyright: (c) 2011 by Idan Gazit.
+ :copyright: (c) 2018 by The OAuthlib Community
:license: BSD, see LICENSE for details.
"""
import logging
diff --git a/oauthlib/common.py b/oauthlib/common.py
index f25656f..c1180e6 100644
--- a/oauthlib/common.py
+++ b/oauthlib/common.py
@@ -114,7 +114,7 @@ def decode_params_utf8(params):
return decoded
-urlencoded = set(always_safe) | set('=&;:%+~,*@!()/?')
+urlencoded = set(always_safe) | set('=&;:%+~,*@!()/?\'$')
def urldecode(query):
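Review bot: The widened `urlencoded` allow-list has no comment explaining why `'` and `$` are now accepted unescaped. Both are RFC 3986 sub-delims, so accepting them is reasonable, but a single quote now passes this check, so any consumer that places decoded values into SQL, HTML or shell text must do its own escaping. I would add above the assignment `# "'" and "$" are RFC 3986 sub-delims that some clients send unescaped; decoded values remain untrusted input`. The set is presumably checked in `urldecode`, whose body is outside the hunk.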
diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index 0107933..9ea8c44 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -362,16 +362,13 @@ def parse_token_response(body, scope=None):
# https://github.com/oauthlib/oauthlib/issues/267
params = dict(urlparse.parse_qsl(body))
- for key in ('expires_in', 'expires'):
- if key in params: # cast a couple things to int
+ for key in ('expires_in',):
+ if key in params: # cast things to int
params[key] = int(params[key])
if 'scope' in params:
params['scope'] = scope_to_list(params['scope'])
- if 'expires' in params:
- params['expires_in'] = params.pop('expires')
-
if 'expires_in' in params:
params['expires_at'] = time.time() + int(params['expires_in'])
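Review bot: The loop `for key in ('expires_in',):` now iterates over a single key, and the value is converted with `int()` twice, once in the loop and again when `expires_at` is computed. A plain `if 'expires_in' in params: params['expires_in'] = int(params['expires_in'])`, followed later by `params['expires_at'] = time.time() + params['expires_in']`, says the same thing. `int()` on a non-numeric value from the token endpoint raises a bare `ValueError` here and a negative value is accepted; whether callers handle either is not visible, since `parse_token_response` starts and ends outside the hunk. A response carrying only the legacy `expires` field now gets no `expires_at`, so client code that relies on `expires_at` would see no expiry for it, which deserves a changelog line.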
diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py
index 92edba6..bf1515d 100644
--- a/oauthlib/oauth2/rfc6749/request_validator.py
+++ b/oauthlib/oauth2/rfc6749/request_validator.py
@@ -332,7 +332,14 @@ class RequestValidator(object):
}
Note that while "scope" is a string-separated list of authorized scopes,
- the original list is still available in request.scopes
+ the original list is still available in request.scopes.
+
+ The token dict is passed as a reference so any changes made to the dictionary
+ will go back to the user. If additional information must return to the client
+ user, and it is only possible to get this information after writing the token
+ to storage, it should be added to the token dictionary. If the token
+ dictionary must be modified but the changes should not go back to the user,
+ a copy of the dictionary must be made before making the changes.
Also note that if an Authorization Code grant request included a valid claims
parameter (for OpenID Connect) then the request.claims property will contain
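Review bot: The new docstring paragraph calls the recipient of the token response "the user" and "the client user", but in OAuth terms that recipient is the client. The wording matters because anything an implementer writes into `token` while persisting it (internal ids, hashed values) would presumably be serialized into the response. I would reword the first sentence to `The token dict is passed by reference, so any change made to it is returned to the client in the token response.` and keep the advice about copying before modifying. The method signature is outside the hunk.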
diff --git a/oauthlib/openid/connect/core/grant_types/base.py b/oauthlib/openid/connect/core/grant_types/base.py
index 2bb48b1..fa578a5 100644
--- a/oauthlib/openid/connect/core/grant_types/base.py
+++ b/oauthlib/openid/connect/core/grant_types/base.py
@@ -225,12 +225,6 @@ class GrantTypeBase(object):
msg = "Prompt none is mutually exclusive with other values."
raise InvalidRequestError(request=request, description=msg)
- # prompt other than 'none' should be handled by the server code that
- # uses oauthlib
- if not request.id_token_hint:
- msg = "Prompt is set to none yet id_token_hint is missing."
- raise InvalidRequestError(request=request, description=msg)
-
if not self.request_validator.validate_silent_login(request):
raise LoginRequired(request=request)