| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| | |
As spelled on https://pypi.org/.
|
| |
| |
| | |
(Cherry picked from f3ae98cef91e140b10d25fbd496622d879cc0c0c)
|
| | |
|
|/
|
|
|
| |
While the previous documentation was not wrong in that non-formencoded data are not included in the signature for traditional OAuth1 service providers, the library does still include an `oauth_body_hash` for non-formencoded data.
Update the documentation to include mention of the `oauth_body_hash` with a notice that validation of said parameter may not be supported by all service providers, but will nevertheless provide an additional integrity check for those that do support it.
|
| |
|
|\ |
|
| |\ |
|
| | |
| | |
| | |
| | | |
A confusion between JWT as token and as authentication mechanism was introduced long-time back and I tried to make a bit of clarity to not confuse again the newcomers.
|
| |/
|/| |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The secrets module should be used for generating cryptographically
strong random numbers suitable for managing data such as passwords,
account authentication, security tokens, and related secrets.
In particularly, secrets should be used in preference to the default
pseudo-random number generator in the random module, which is
designed for modelling and simulation, not security or cryptography.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Added sphinx build for developers
Rationale is to build docs locally to prevent RTD to break later.
* Replace manual sphinx into make
* Renamed idan URL to oauthlib community
* Renamed http into https URLs since http is returning 302
* python requests library renamed its home URL
* Add ignore list for "make linkcheck"
linkcheck is doing requests to github with anonymous access, however creating an issue require an logged-in account
* virtualenv changed its homepage and website.
* Fixed broken link
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
| |
Fixed grammar on line 7.
|
| |
|
| |
|
|\
| |
| | |
Openid connect
|
| |
| |
| |
| |
| |
| | |
AuthCodeGrantDispatcher to route requests to either the default AuthorizationCodeGrant or OpenIDConnectAuthCode depending on scope when the request's response_type is a simple (ambiguous) 'code'.
Include basic docs about OpenID Connect auth flow support
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(#427)
As per [their blog post of the 27th April](https://blog.readthedocs.com/securing-subdomains/) ‘Securing subdomains’:
> Starting today, Read the Docs will start hosting projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user generated data on the same domain as our dashboard.
Test Plan: Manually visited all the links I’ve modified.
|
|/ |
|
| |
|
|\
| |
| | |
Fix documentation for token_generator signature
|
| | |
|
|\ \
| | |
| | | |
fix method params and clarify oauth_protected
|
| |/ |
|
| | |
|
| |
| |
| |
| | |
PyJWT helpers. Reformat some test certificates to be easier to maintain. Update documentation to match use of cryptography instead of PyCrypto
|
|\ \
| | |
| | | |
Fix documentation
|
| |/
| |
| | |
typo
|
|/ |
|
|
|
|
| |
contains a string with the scopes separated by spaces
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Draft release process doc to try force myself into more
structured releases in the future.
A few initial notes on how to report errors.
Added a few common exceptions to the FAQ.
Removed supported versions from feature matrix. They are all
available in setup.py metadata.
Move JWT tokens to grant types where it (confusingly) belongs.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In certain cases a provider may wish to verify the signature of an
oauth request without doing anything more with it. Learning Tools
Interoperability (LTI), for example, uses "0-legged OAuth" for it's
signature verification process.
http://www.imsglobal.org/lti/
http://andyfmiller.com/2013/02/10/does-lti-use-oauth/
This adds a new ``SignatureOnlyEndpoint`` that implements only the
client validation and signature verification, and leaves off the other
parts that would need to be validated.
|
|
|
| |
django-oauth-tools doesn't seem to support oauth1.
|
| |
|