Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge branch 'master' into docs-flows-hooks | Jonathan Huot | 2019-08-01 | 12 | -54/+262 |
|\ | |||||
| * | Oidc userinfo (#677) | Jonathan Huot | 2019-08-01 | 8 | -49/+222 |
| |\ | | | | | | | Oidc userinfo | ||||
| | * | Merge branch 'master' into oidc-userinfo | Jonathan Huot | 2019-08-01 | 2 | -2/+35 |
| | |\ | | |/ | |/| | |||||
| * | | add HMAC-SHA256 signature validation (#691) | Jonathan Huot | 2019-07-25 | 2 | -2/+35 |
| |\ \ | | | | | | | | | add HMAC-SHA256 signature validation | ||||
| | * | | add HMAC-SHA256 signature validation | Hamish Moffatt | 2019-07-25 | 2 | -2/+35 |
| |/ / | |||||
| | * | Merge branch 'master' into oidc-userinfo | Jonathan Huot | 2019-07-19 | 2 | -3/+5 |
| | |\ | | |/ | |/| | |||||
| * | | Bump version | Jonathan Huot | 2019-07-19 | 1 | -1/+1 |
| | | | |||||
| * | | Release 3.0.2 (#683) | Jonathan Huot | 2019-07-19 | 2 | -3/+5 |
| |\ \ | | | | | | | | | Release 3.0.2 | ||||
| | * \ | Merge branch 'master' into release-3.0.2 | Jonathan Huot | 2019-07-19 | 47 | -329/+1979 |
| | |\ \ | | |/ / | |/| | | |||||
| | * | | Bump version v3.0.2 | Jonathan Huot | 2019-07-04 | 1 | -1/+1 |
| | | | | |||||
| | * | | Update for 3.0.2 | Jonathan Huot | 2019-07-04 | 1 | -1/+4 |
| | | | | |||||
| | * | | Notifications must be sent for every build | Jonathan Huot | 2019-07-04 | 1 | -1/+1 |
| | | | | | | | | | | | | I hope fixing the longstanding issue mentioned at https://github.com/oauthlib/oauthlib/issues/582. | ||||
| | * | | Added missing import after test moved | Jonathan Huot | 2019-07-04 | 1 | -2/+5 |
| | | | | |||||
| | * | | Move HybridGrant test into its respective file. | Jonathan Huot | 2019-07-04 | 2 | -75/+76 |
| | | | | |||||
| | * | | Add nonce mandatory check for "id_token" response_type | Jonathan Huot | 2019-07-04 | 1 | -0/+21 |
| | | | | |||||
| | * | | Add nonce auth request check for authorization_code | Jonathan Huot | 2019-07-04 | 1 | -0/+14 |
| | | | | |||||
| | * | | OIDC: Raise error=invalid_request when nonce is mandatory | Jonathan Huot | 2019-07-04 | 4 | -32/+99 |
| | | | | | | | | | | | | | | | | Until now, only OIDC implicit was raising an error, but OIDC hybrid contains a couple of mandatory nonces, too. | ||||
| | * | | Change to 3.0.2-dev as long as master is in "dev" | Jonathan Huot | 2019-07-04 | 2 | -2/+2 |
| | | | | |||||
| | * | | Removed useless set_state internal function | Jonathan Huot | 2019-07-04 | 1 | -7/+1 |
| | | | | | | | | | | | | | | | | Does not have purpose for /token request | ||||
| | * | | Add authorization "state" preservation back for AuthCode | Jonathan Huot | 2019-07-04 | 1 | -0/+7 |
| | | | | |||||
| | * | | Add clarity to the deprecation warning | Jonathan Huot | 2019-07-04 | 1 | -2/+2 |
| | | | | |||||
| | * | | Fix 652: removed "state" from /token response. | Jonathan Huot | 2019-07-04 | 13 | -49/+72 |
| | | | | | | | | | | | | | | | | | | | | | | | | Fix OIDC /token flow where &state=None was always returned, and fix OAuth2.0 /token flow where &state=foobar was returned if &state=foobar was present in the token request. Remove "save_token" from create_token() signature cuz it was not used internally. Deprecated the option to let upstream libraries have a chance to remove it, if ever used. | ||||
| | | * | Merge branch 'master' into oidc-userinfo | Jonathan Huot | 2019-07-04 | 13 | -13/+206 |
| | | |\ | | |_|/ | |/| | | |||||
| | | * | Downgrade python to match with Travis | Jonathan Huot | 2019-05-13 | 1 | -1/+1 |
| | | | | |||||
| | | * | Force bandit python version to be sure no conflict with others | Jonathan Huot | 2019-05-13 | 1 | -0/+1 |
| | | | | |||||
| | | * | Updated bandit baseline after review | Jonathan Huot | 2019-05-13 | 1 | -5/+1179 |
| | | | | |||||
| | | * | Add UserInfoEndpoint to the OIDC Provider support. | Jonathan Huot | 2019-05-13 | 7 | -1/+220 |
| | | | | |||||
| | | * | Removed duplicated code for oauth2.BaseEndpoint | Jonathan Huot | 2019-05-13 | 1 | -48/+2 |
| | | | | |||||
* | | | | Merge branch 'master' into docs-flows-hooks | Jonathan Huot | 2019-07-09 | 28 | -48/+1788 |
|\ \ \ \ | |/ / / | |||||
| * | | | Handle null value in expires_in field in JSON handler (#675) | Jonathan Huot | 2019-07-04 | 2 | -1/+22 |
| |\ \ \ | | | | | | | | | | | Handle null value in expires_in field in JSON handler | ||||
| | * \ \ | Merge branch 'master' into 672-fix-null-expires-in | Jonathan Huot | 2019-07-04 | 1 | -0/+1 |
| | |\ \ \ | | |/ / / | |/| | | | |||||
| * | | | | Fix BackendApplicationClient.prepare_request_body (#682) | Jonathan Huot | 2019-07-04 | 1 | -0/+1 |
| |\ \ \ \ | | | | | | | | | | | | | Fix BackendApplicationClient.prepare_request_body | ||||
| | * \ \ \ | Merge branch 'master' into patch-2 | Jonathan Huot | 2019-07-03 | 1 | -1/+1 |
| | |\ \ \ \ | | |/ / / / | |/| | | | | |||||
| | * | | | | Fix BackendApplicationClient.prepare_request_body | qporest | 2019-07-02 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | | | | Currently, if no `scope` is passed to `prepare_request_body`, None will be passed on to `prepare_token_request`, even if BackendApplicationClient was initialized with `scope`. | ||||
| | | * | | | Merge branch 'master' into 672-fix-null-expires-in | Josh Holmer | 2019-07-03 | 1 | -1/+1 |
| | | |\ \ \ | | |_|/ / / | |/| | | | | |||||
| * | | | | | Error in timestamp comparison | Jonathan Huot | 2019-07-03 | 1 | -1/+1 |
| |/ / / / | |||||
| | * | | | Merge branch 'master' into 672-fix-null-expires-in | Omer Katz | 2019-06-29 | 27 | -47/+1765 |
| | |\ \ \ | | |/ / / | |/| | | | |||||
| * | | | | Check for errors in authorization code response (#680) | Jonathan Huot | 2019-06-12 | 2 | -6/+12 |
| |\ \ \ \ | | | | | | | | | | | | | Check for errors in authorization code response | ||||
| | * \ \ \ | Merge branch 'master' into 290-code-response-errors | Jonathan Huot | 2019-06-12 | 1 | -0/+12 |
| | |\ \ \ \ | | |/ / / / | |/| | | | | |||||
| * | | | | | Create FUNDING.yml | Omer Katz | 2019-06-11 | 1 | -0/+12 |
| | | | | | | |||||
| | * | | | | Check for authorization response errors | Mark Gregson | 2019-06-06 | 2 | -6/+12 |
| |/ / / / | |||||
| * | | | | Merge pull request #667 from Abhishek8394/sanitize-get | Jonathan Huot | 2019-05-19 | 10 | -10/+1338 |
| |\ \ \ \ | | |_|_|/ | |/| | | | Fix Issue #666: ban 'client_secret' and 'code_verifier' from url query params | ||||
| | * | | | Downgrade python to match with Travis | Jonathan Huot | 2019-05-16 | 1 | -0/+1 |
| | | | | | |||||
| | * | | | Updated bandit baseline after review | Jonathan Huot | 2019-05-16 | 1 | -5/+1179 |
| | | | | | |||||
| | * | | | Enforce POST HTTP method on TokenEndpoint, IntrospectEndpoint and RevocationEndpoint | Abhishek Patel | 2019-05-14 | 8 | -21/+107 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add validation checks for HTTP method in TokenEndpoint, IntrospectEndpoint and RevocationEndpoint. - CHANGE DEFAULT HTTP method for TokenEndpoint from 'GET' to 'POST'. - Add tests + Fix an old test in . It used to send query params to TokenEndpoint which is not allowed anymore. Fixed it so payload is sent as POST body. | ||||
| | * | | | Ban all query parameters on Introspection, Token and Revocation endpoint | Abhishek Patel | 2019-05-14 | 4 | -26/+15 |
| | | | | | |||||
| | * | | | Add tests + create a global variable for blacklisted query parameters | Abhishek Patel | 2019-05-14 | 4 | -7/+68 |
| | | | | | |||||
| | * | | | Add validation check for presence of forbidden query parameters in OAuth2 TokenEndpoint, IntrospectionEndpoint and RevocationEndpoint | Abhishek Patel | 2019-05-14 | 4 | -1/+18 |
| |/ / / | |||||
| * | | | Merge pull request #671 from oauthlib/670-pkce-requestinfo | Jonathan Huot | 2019-05-07 | 2 | -2/+7 |
| |\ \ \ | | | | | | | | | | | Fix 670. AuthCode API must return the new PKCE attribute | ||||
| | * \ \ | Merge branch 'master' into 670-pkce-requestinfo | Jonathan Huot | 2019-05-07 | 12 | -29/+396 |
| | |\ \ \ | | |/ / / | |/| | | |