Commit message | Author | Age | Files | Lines
* Merge branch 'master' into release-3.0.2release-3.0.2Jonathan Huot2019-07-1947-329/+1979
|\
| * Handle null value in expires_in field in JSON handler (#675)Jonathan Huot2019-07-042-1/+22
| |\ | | | | | | Handle null value in expires_in field in JSON handler
| | * Merge branch 'master' into 672-fix-null-expires-inJonathan Huot2019-07-041-0/+1
| | |\ | | |/ | |/|
| * | Fix BackendApplicationClient.prepare_request_body (#682)Jonathan Huot2019-07-041-0/+1
| |\ \ | | | | | | | | Fix BackendApplicationClient.prepare_request_body
| | * \ Merge branch 'master' into patch-2Jonathan Huot2019-07-031-1/+1
| | |\ \ | | |/ / | |/| |
| | * | Fix BackendApplicationClient.prepare_request_bodyqporest2019-07-021-0/+1
| | | | | | | | | | | | Currently, if no `scope` is passed to `prepare_request_body`, None will be passed on to `prepare_token_request`, even if BackendApplicationClient was initialized with `scope`.
| | | * Merge branch 'master' into 672-fix-null-expires-inJosh Holmer2019-07-031-1/+1
| | | |\ | | |_|/ | |/| |
| * | | Error in timestamp comparisonJonathan Huot2019-07-031-1/+1
| |/ /
| | * Merge branch 'master' into 672-fix-null-expires-inOmer Katz2019-06-2927-47/+1765
| | |\ | | |/ | |/|
| * | Check for errors in authorization code response (#680)Jonathan Huot2019-06-122-6/+12
| |\ \ | | | | | | | | Check for errors in authorization code response
| | * \ Merge branch 'master' into 290-code-response-errorsJonathan Huot2019-06-121-0/+12
| | |\ \ | | |/ / | |/| |
| * | | Create FUNDING.ymlOmer Katz2019-06-111-0/+12
| | | |
| | * | Check for authorization response errorsMark Gregson2019-06-062-6/+12
| |/ /
| * | Merge pull request #667 from Abhishek8394/sanitize-getJonathan Huot2019-05-1910-10/+1338
| |\ \ | | | | | | | | Fix Issue #666: ban 'client_secret' and 'code_verifier' from url query params
| | * | Downgrade python to match with TravisJonathan Huot2019-05-161-0/+1
| | | |
| | * | Updated bandit baseline after reviewJonathan Huot2019-05-161-5/+1179
| | | |
| | * | Enforce POST HTTP method on TokenEndpoint, IntrospectEndpoint and RevocationEndpointAbhishek Patel2019-05-148-21/+107
| | | |   - Add validation checks for HTTP method in TokenEndpoint, IntrospectEndpoint and RevocationEndpoint.
| | | |   - CHANGE DEFAULT HTTP method for TokenEndpoint from 'GET' to 'POST'.
| | | |   - Add tests + Fix an old test in . It used to send query params to TokenEndpoint which is not allowed anymore. Fixed it so payload is sent as POST body.
| | * | Ban all query parameters on Introspection, Token and Revocation endpointAbhishek Patel2019-05-144-26/+15
| | | |
| | * | Add tests + create a global variable for blacklisted query parametersAbhishek Patel2019-05-144-7/+68
| | | |
| | * | Add validation check for presence of forbidden query parameters in OAuth2 TokenEndpoint, IntrospectionEndpoint and RevocationEndpointAbhishek Patel2019-05-144-1/+18
| |/ /
| * | Merge pull request #671 from oauthlib/670-pkce-requestinfoJonathan Huot2019-05-072-2/+7
| |\ \ | | | | | | | | Fix 670. AuthCode API must return the new PKCE attribute
| | * \ Merge branch 'master' into 670-pkce-requestinfoJonathan Huot2019-05-0712-29/+396
| | |\ \ | | |/ / | |/| |
| * | | Merge pull request #674 from bungoume/patch-1Jonathan Huot2019-05-072-4/+79
| |\ \ \ | | | | | | | | | | token_type should be case insensitive
| | * \ \ Merge branch 'master' into patch-1Jonathan Huot2019-05-0710-25/+317
| | |\ \ \ | | |/ / / | |/| | |
| * | | | Add `reqval.fill_id_token` with technicals OIDC fields into `id_token` (#660)Jonathan Huot2019-05-068-22/+303
| |\ \ \ \ | | | | | | | | | | | | Add `reqval.fill_id_token` with technicals OIDC fields into `id_token`
| | * \ \ \ Merge branch 'master' into oidc-hashesoidc-hashesJonathan Huot2019-05-062-3/+14
| | |\ \ \ \ | | |/ / / / | |/| | | |
| * | | | | Add case-insensitive headers to oauth1 BaseEndpoint (#669)Jonathan Huot2019-05-062-3/+14
| |\ \ \ \ \ | | | | | | | | | | | | | | Add case-insensitive headers to oauth1 BaseEndpoint
| | * | | | | Add case-insensitive headers to oauth1 BaseEndpointJordan Gardner2019-05-012-3/+14
| |/ / / / /
| | * | | | Removed wrong assumption from copy/paste of get_autho.._scopes.Jonathan Huot2019-04-291-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | This function should always have a good client_id and redirect_uri, because it is called after validate_token_request()
| | * | | | Fix typo gave/haveJonathan Huot2019-04-291-2/+2
| | | | | |
| | * | | | Fix docstring about return valueJonathan Huot2019-04-291-1/+1
| | | | | |
| | * | | | Merge branch 'master' into oidc-hashesJonathan Huot2019-04-267-1/+49
| | |\ \ \ \ | | |/ / / / | |/| | | |
| | * | | | Merge branch 'master' into oidc-hashesJonathan Huot2019-04-234-35/+35
| | |\ \ \ \
| | * | | | | Python2.7 compatibleJonathan Huot2019-03-262-4/+4
| | | | | | |
| | * | | | | Add unittests for OIDC GrantTypeBase.Jonathan Huot2019-03-262-3/+107
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename hash_id_token into id_token_hash
| | * | | | | Use native operator instead type conversionJonathan Huot2019-03-261-1/+1
| | | | | | |
| | * | | | | Renamed fill into finalize to add clarityJonathan Huot2019-03-264-10/+10
| | | | | | |
| | * | | | | Merge branch 'master' into oidc-hashesJonathan Huot2019-03-054-6/+6
| | |\ \ \ \ \
| | * | | | | | Change to 3.0.2-dev as long as master is in "dev"Jonathan Huot2019-03-052-2/+2
| | | | | | | |
| | * | | | | | Add c_hash. Add summary about when nonce/hashes are added to id_tokenJonathan Huot2019-02-281-0/+29
| | | | | | | |
| | * | | | | | Add technicals fields of `id_token` in oauthlib OIDC supportJonathan Huot2019-02-286-17/+166
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A new RequestValidator `fill_id_token` has been introduced to replace `get_id_token`. It aims to have the bare minimum amount of fields to complete a full OIDC id_token support. `get_id_token` is still valid but optional, and if it is implemented, `fill_id_token` will not be called. The current `fill_id_token` came with full support of `aud`, `iat`, `nonce`, `at_hash` and `c_hash`. More could come in the future e.g. `auth_time`, ...
| | * | | | | | Removed duplicated OIDC members in OAuth2.RequestValidatorJonathan Huot2019-02-283-184/+5
| | | | | | | |
| | | | | * | | Add valid testcaseY.Umezaki2019-05-071-0/+28
| | | | | | | |
| | | | | * | | Add token tests from #491Y.Umezaki2019-05-071-2/+49
| | | | | | | |
| | | | | * | | token_type should be case insensitiveume2019-05-011-2/+2
| | |_|_|/ / / | |/| | | | |
| | | | | * | Fix 670. AuthCode API must return the new PKCE attribute670-pkce-requestinfoJonathan Huot2019-04-262-2/+7
| | |_|_|/ / | |/| | | |
| | | | | * Handle null value in expires_in field in JSON handlerJosh Holmer2019-04-302-1/+22
| | |_|_|/ | |/| | | | | | | | | | | | | Closes #672
| * | | | Fix issue #665: Add method to get / set debug flag (#668)Merge pull request #668 from Abhishek8394/issue-665Jonathan Huot2019-04-247-1/+49
| |\ \ \ \ | | |_|_|/ | |/| | | | | | | | | | | | | Fix issue #665: Add method to get / set debug flag
| | * | | Update documentationAbhishek Patel2019-04-233-1/+10
| | | | |
| | * | | refactor to get_debugAbhishek Patel2019-04-232-3/+3
| | | | | | | | | | | | | | | | | | | | - Oauthlib's debug mode can be checked with method