Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge branch 'master' into release-3.0.2release-3.0.2 | Jonathan Huot | 2019-07-19 | 47 | -329/+1979 |
|\ | |||||
| * | Handle null value in expires_in field in JSON handler (#675) | Jonathan Huot | 2019-07-04 | 2 | -1/+22 |
| |\ | | | | | | | Handle null value in expires_in field in JSON handler | ||||
| | * | Merge branch 'master' into 672-fix-null-expires-in | Jonathan Huot | 2019-07-04 | 1 | -0/+1 |
| | |\ | | |/ | |/| | |||||
| * | | Fix BackendApplicationClient.prepare_request_body (#682) | Jonathan Huot | 2019-07-04 | 1 | -0/+1 |
| |\ \ | | | | | | | | | Fix BackendApplicationClient.prepare_request_body | ||||
| | * \ | Merge branch 'master' into patch-2 | Jonathan Huot | 2019-07-03 | 1 | -1/+1 |
| | |\ \ | | |/ / | |/| | | |||||
| | * | | Fix BackendApplicationClient.prepare_request_body | qporest | 2019-07-02 | 1 | -0/+1 |
| | | | | | | | | | | | | Currently, if no `scope` is passed to `prepare_request_body`, None will be passed on to `prepare_token_request`, even if BackendApplicationClient was initialized with `scope`. | ||||
| | | * | Merge branch 'master' into 672-fix-null-expires-in | Josh Holmer | 2019-07-03 | 1 | -1/+1 |
| | | |\ | | |_|/ | |/| | | |||||
| * | | | Error in timestamp comparison | Jonathan Huot | 2019-07-03 | 1 | -1/+1 |
| |/ / | |||||
| | * | Merge branch 'master' into 672-fix-null-expires-in | Omer Katz | 2019-06-29 | 27 | -47/+1765 |
| | |\ | | |/ | |/| | |||||
| * | | Check for errors in authorization code response (#680) | Jonathan Huot | 2019-06-12 | 2 | -6/+12 |
| |\ \ | | | | | | | | | Check for errors in authorization code response | ||||
| | * \ | Merge branch 'master' into 290-code-response-errors | Jonathan Huot | 2019-06-12 | 1 | -0/+12 |
| | |\ \ | | |/ / | |/| | | |||||
| * | | | Create FUNDING.yml | Omer Katz | 2019-06-11 | 1 | -0/+12 |
| | | | | |||||
| | * | | Check for authorization response errors | Mark Gregson | 2019-06-06 | 2 | -6/+12 |
| |/ / | |||||
| * | | Merge pull request #667 from Abhishek8394/sanitize-get | Jonathan Huot | 2019-05-19 | 10 | -10/+1338 |
| |\ \ | | | | | | | | | Fix Issue #666: ban 'client_secret' and 'code_verifier' from url query params | ||||
| | * | | Downgrade python to match with Travis | Jonathan Huot | 2019-05-16 | 1 | -0/+1 |
| | | | | |||||
| | * | | Updated bandit baseline after review | Jonathan Huot | 2019-05-16 | 1 | -5/+1179 |
| | | | | |||||
| | * | | Enforce POST HTTP method on TokenEndpoint, IntrospectEndpoint and ↵ | Abhishek Patel | 2019-05-14 | 8 | -21/+107 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RevocationEndpoint - Add validation checks for HTTP method in TokenEndpoint, IntrospectEndpoint and RevocationEndpoint. - CHANGE DEFAULT HTTP method for TokenEndpoint from 'GET' to 'POST'. - Add tests + Fix an old test in . It used to send query params to TokenEndpoint which is not allowed anymore. Fixed it so payload is sent as POST body. | ||||
| | * | | Ban all query parameters on Intropspection, Token and Revocation endpopoint | Abhishek Patel | 2019-05-14 | 4 | -26/+15 |
| | | | | |||||
| | * | | Add tests + create a global variable for blacklisted query parameters | Abhishek Patel | 2019-05-14 | 4 | -7/+68 |
| | | | | |||||
| | * | | Add validation check for presence of forbidden query parameters in OAuth2 ↵ | Abhishek Patel | 2019-05-14 | 4 | -1/+18 |
| |/ / | | | | | | | | | | TokenEndpoint, IntrospectionEndpoint and RevocationEndpoint | ||||
| * | | Merge pull request #671 from oauthlib/670-pkce-requestinfo | Jonathan Huot | 2019-05-07 | 2 | -2/+7 |
| |\ \ | | | | | | | | | Fix 670. AuthCode API must return the new PKCE attribute | ||||
| | * \ | Merge branch 'master' into 670-pkce-requestinfo | Jonathan Huot | 2019-05-07 | 12 | -29/+396 |
| | |\ \ | | |/ / | |/| | | |||||
| * | | | Merge pull request #674 from bungoume/patch-1 | Jonathan Huot | 2019-05-07 | 2 | -4/+79 |
| |\ \ \ | | | | | | | | | | | token_type should be case insensitive | ||||
| | * \ \ | Merge branch 'master' into patch-1 | Jonathan Huot | 2019-05-07 | 10 | -25/+317 |
| | |\ \ \ | | |/ / / | |/| | | | |||||
| * | | | | Add `reqval.fill_id_token` with technicals OIDC fields into `id_token` (#660) | Jonathan Huot | 2019-05-06 | 8 | -22/+303 |
| |\ \ \ \ | | | | | | | | | | | | | Add `reqval.fill_id_token` with technicals OIDC fields into `id_token` | ||||
| | * \ \ \ | Merge branch 'master' into oidc-hashesoidc-hashes | Jonathan Huot | 2019-05-06 | 2 | -3/+14 |
| | |\ \ \ \ | | |/ / / / | |/| | | | | |||||
| * | | | | | Add case-insensitive headers to oauth1 BaseEndpoint (#669) | Jonathan Huot | 2019-05-06 | 2 | -3/+14 |
| |\ \ \ \ \ | | | | | | | | | | | | | | | Add case-insensitive headers to oauth1 BaseEndpoint | ||||
| | * | | | | | Add case-insensitive headers to oauth1 BaseEndpoint | Jordan Gardner | 2019-05-01 | 2 | -3/+14 |
| |/ / / / / | |||||
| | * | | | | Removed wrong assumption from copy/paste of get_autho.._scopes. | Jonathan Huot | 2019-04-29 | 1 | -3/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | This function should always have a good client_id and redirect_uri, because it is called after validate_token_request() | ||||
| | * | | | | Fix typo gave/have | Jonathan Huot | 2019-04-29 | 1 | -2/+2 |
| | | | | | | |||||
| | * | | | | Fix docstring about return value | Jonathan Huot | 2019-04-29 | 1 | -1/+1 |
| | | | | | | |||||
| | * | | | | Merge branch 'master' into oidc-hashes | Jonathan Huot | 2019-04-26 | 7 | -1/+49 |
| | |\ \ \ \ | | |/ / / / | |/| | | | | |||||
| | * | | | | Merge branch 'master' into oidc-hashes | Jonathan Huot | 2019-04-23 | 4 | -35/+35 |
| | |\ \ \ \ | |||||
| | * | | | | | Python2.7 compatible | Jonathan Huot | 2019-03-26 | 2 | -4/+4 |
| | | | | | | | |||||
| | * | | | | | Add unittests for OIDC GrantTypeBase. | Jonathan Huot | 2019-03-26 | 2 | -3/+107 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename hash_id_token into id_token_hash | ||||
| | * | | | | | Use native operator instead type conversion | Jonathan Huot | 2019-03-26 | 1 | -1/+1 |
| | | | | | | | |||||
| | * | | | | | Renamed fill into finalize to add clarity | Jonathan Huot | 2019-03-26 | 4 | -10/+10 |
| | | | | | | | |||||
| | * | | | | | Merge branch 'master' into oidc-hashes | Jonathan Huot | 2019-03-05 | 4 | -6/+6 |
| | |\ \ \ \ \ | |||||
| | * | | | | | | Change to 3.0.2-dev as long as master is in "dev" | Jonathan Huot | 2019-03-05 | 2 | -2/+2 |
| | | | | | | | | |||||
| | * | | | | | | Add c_hash. Add summary about when nonce/hashes are added to id_token | Jonathan Huot | 2019-02-28 | 1 | -0/+29 |
| | | | | | | | | |||||
| | * | | | | | | Add technicals fields of `id_token` in oauthlib OIDC support | Jonathan Huot | 2019-02-28 | 6 | -17/+166 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A new RequestValidator `fill_id_token` has been introduced to replace `get_id_token`. It aims to have the bare minimum amount of fields to complete a full OIDC id_token support. `get_id_token` is still valid but optional, and if it is implemented, `fill_id_token` will not be called. The current `fill_id_token` came with full support of `aud`, `iat`, `nonce`, `at_hash` and `c_hash`. More could come in the future e.g. `auth_time`, ... | ||||
| | * | | | | | | Removed duplicated OIDC members in OAuth2.RequestValidator | Jonathan Huot | 2019-02-28 | 3 | -184/+5 |
| | | | | | | | | |||||
| | | | | * | | | Add valid testcase | Y.Umezaki | 2019-05-07 | 1 | -0/+28 |
| | | | | | | | | |||||
| | | | | * | | | Add token tests from #491 | Y.Umezaki | 2019-05-07 | 1 | -2/+49 |
| | | | | | | | | |||||
| | | | | * | | | token_type should be case insensitive | ume | 2019-05-01 | 1 | -2/+2 |
| | |_|_|/ / / | |/| | | | | | |||||
| | | | | * | | Fix 670. AuthCode API must return the new PKCE attribute670-pkce-requestinfo | Jonathan Huot | 2019-04-26 | 2 | -2/+7 |
| | |_|_|/ / | |/| | | | | |||||
| | | | | * | Handle null value in expires_in field in JSON handler | Josh Holmer | 2019-04-30 | 2 | -1/+22 |
| | |_|_|/ | |/| | | | | | | | | | | | | | Closes #672 | ||||
| * | | | | Fix issue #665: Add method to get / set debug flag (#668)Merge pull request ↵ | Jonathan Huot | 2019-04-24 | 7 | -1/+49 |
| |\ \ \ \ | | |_|_|/ | |/| | | | | | | | | | | | | | #668 from Abhishek8394/issue-665 Fix issue #665: Add method to get / set debug flag | ||||
| | * | | | Update documentation | Abhishek Patel | 2019-04-23 | 3 | -1/+10 |
| | | | | | |||||
| | * | | | refactor to get_debug | Abhishek Patel | 2019-04-23 | 2 | -3/+3 |
| | | | | | | | | | | | | | | | | | | | | - Oauthlib's debug mode can be checked with method |