path: root/oauthlib/oauth2/rfc6749
Commit message (Author, Age, Files, Lines)
* Merge branch 'master' into oidc-userinfo (Jonathan Huot, 2019-07-04, 6 files, -7/+55)
|\
| * Merge branch 'master' into 672-fix-null-expires-in (Jonathan Huot, 2019-07-04, 1 file, -0/+1)
| |\
| | * Fix BackendApplicationClient.prepare_request_body (qporest, 2019-07-02, 1 file, -0/+1)
| | |   Currently, if no `scope` is passed to `prepare_request_body`, None will be passed on to `prepare_token_request`, even if BackendApplicationClient was initialized with `scope`.
| * | Merge branch 'master' into 672-fix-null-expires-in (Omer Katz, 2019-06-29, 8 files, -8/+58)
| |\ \
| | |/
| | * Check for authorization response errors (Mark Gregson, 2019-06-06, 1 file, -3/+6)
| | |
| | * Enforce POST HTTP method on TokenEndpoint, IntrospectEndpoint and RevocationEndpoint (Abhishek Patel, 2019-05-14, 4 files, -2/+28)
| | |   - Add validation checks for HTTP method in TokenEndpoint, IntrospectEndpoint and RevocationEndpoint.
| | |   - CHANGE DEFAULT HTTP method for TokenEndpoint from 'GET' to 'POST'.
| | |   - Add tests + Fix an old test in . It used to send query params to TokenEndpoint which is not allowed anymore. Fixed it so payload is sent as POST body.
| | * Ban all query parameters on Introspection, Token and Revocation endpoint (Abhishek Patel, 2019-05-14, 1 file, -8/+4)
| | |
| | * Add tests + create a global variable for blacklisted query parameters (Abhishek Patel, 2019-05-14, 1 file, -7/+9)
| | |
| | * Add validation check for presence of forbidden query parameters in OAuth2 TokenEndpoint, IntrospectionEndpoint and RevocationEndpoint (Abhishek Patel, 2019-05-14, 4 files, -1/+18)
| * | Handle null value in expires_in field in JSON handler (Josh Holmer, 2019-04-30, 1 file, -1/+4)
| | |   Closes #672
* | | Removed duplicated code for oauth2.BaseEndpoint (Jonathan Huot, 2019-05-13, 1 file, -48/+2)
| |/
|/|
* | Merge branch 'master' into 670-pkce-requestinfo (Jonathan Huot, 2019-05-07, 2 files, -2/+5)
|\ \
| * \ Merge branch 'master' into patch-1 (Jonathan Huot, 2019-05-07, 1 file, -0/+3)
| |\ \
| | * \ Merge branch 'master' into oidc-hashes (Jonathan Huot, 2019-04-23, 4 files, -35/+35)
| | |\ \
| | | |/
| | * | Add technical fields of `id_token` in oauthlib OIDC support (Jonathan Huot, 2019-02-28, 1 file, -0/+3)
| | | |   A new RequestValidator `fill_id_token` has been introduced to replace `get_id_token`. It aims to have the bare minimum amount of fields to complete a full OIDC id_token support. `get_id_token` is still valid but optional, and if it is implemented, `fill_id_token` will not be called. The current `fill_id_token` came with full support of `aud`, `iat`, `nonce`, `at_hash` and `c_hash`. More could come in the future e.g. `auth_time`, ...
| | * | Removed duplicated OIDC members in OAuth2.RequestValidator (Jonathan Huot, 2019-02-28, 1 file, -182/+0)
| | | |
| * | | token_type should be case insensitive (ume, 2019-05-01, 1 file, -2/+2)
| | |/
| |/|
* | | Fix 670. AuthCode API must return the new PKCE attribute [670-pkce-requestinfo] (Jonathan Huot, 2019-04-26, 1 file, -0/+3)
|/ /
* | fix include_client_id argument (Arjan Keeman, 2019-04-01, 4 files, -35/+35)
| |
* | Removed duplicated OIDC members in OAuth2.RequestValidator (Jonathan Huot, 2019-02-28, 1 file, -182/+0)
|/
* Remove usage of "state" for code/token response. (Jonathan Huot, 2019-02-22, 1 file, -7/+1)
|
* Add clarity to the deprecation warning (Jonathan Huot, 2019-02-21, 1 file, -2/+2)
|
* Fix 652: removed "state" from /token response. (Jonathan Huot, 2019-02-20, 6 files, -15/+21)
|   Fix OIDC /token flow where &state=None was always returned, and fix OAuth2.0 /token flow where &state=foobar was returned if &state=foobar was present in the token request. Remove "save_token" from create_token() signature cuz it was not used internally. Deprecated the option to let upstream libraries have a chance to remove it, if ever used.
* pep8 and docs (Duane King, 2019-01-24, 1 file, -13/+22)
|
* Fix 644, Add tests for BasicAuth credentials for all endpoints (#645) (Jonathan Huot, 2019-01-11, 2 files, -8/+8)
|   Test Introspect, Revoke, Token (web, legacy, backend) endpoints with authenticate_client and HTTP Basic Auth.
* Merge branch 'master' into dry-up-code [dry-up-code] (Jonathan Huot, 2018-12-20, 1 file, -9/+33)
|\
| * Merge branch 'master' into add-metadata-doc (Jonathan Huot, 2018-12-16, 4 files, -15/+266)
| |\
| * | Add OAuth2.0 Authorization Server Metadata documentation (Jonathan Huot, 2018-12-13, 1 file, -9/+33)
| | |
* | | Fix typo. (Omer Katz, 2018-12-17, 3 files, -3/+3)
| | |
* | | Merge branch 'master' into dry-up-code (Omer Katz, 2018-12-17, 9 files, -28/+308)
|\ \ \
| | |/
| |/|
| * | Fixed OAuth2 Metadata when using PKCE and OIDC.Server [601-pkce-support] (Jonathan Huot, 2018-12-14, 1 file, -1/+6)
| | |
| * | Fixed typo (Jonathan Huot, 2018-12-13, 1 file, -1/+1)
| | |
| * | Merge branch 'master' into 601-pkce-support (Jonathan Huot, 2018-12-13, 12 files, -19/+57)
| |\ \
| | |/
| | * Merge branch 'master' into 264-status401 (Jonathan Huot, 2018-12-13, 5 files, -6/+15)
| | |\
| | * | Add Content-Type and Cache headers to introspect/revocation errors (Jonathan Huot, 2018-12-13, 2 files, -7/+14)
| | | |
| | * | Add double-quotes to the key/values in WWW-Authenticate [264-status401] (Jonathan Huot, 2018-12-12, 1 file, -3/+3)
| | | |
| | * | Used WWW-Authenticate and auth-param values as RFC6750 described it. (Jonathan Huot, 2018-12-12, 7 files, -14/+27)
| | | |   It misses the possibility to add scope= and realm= at the moment, but it should be a step forward into the right direction.
| | * | Handle 401 with WWW-Authenticate. Moved wrong 401 into 400. (Jonathan Huot, 2018-12-04, 7 files, -6/+15)
| | | |   access_denied/unauthorized_client/consent_required/login_required MUST be 400, and not 401. Also, 401 MUST have WWW-Authenticate when set. It could have an impact of processing those in webframeworks.
| * | | Add details on grant_type & implicit special case. (Jonathan Huot, 2018-12-13, 1 file, -0/+12)
| | | |
| * | | Replace temporary list by using clearer "extend" method (Jonathan Huot, 2018-12-13, 1 file, -1/+1)
| | | |
| * | | Merge pull request #624 from oauthlib/preconf-server-metadata (Jonathan Huot, 2018-12-11, 1 file, -3/+9)
| |\ \ \
| | | | |   Preconf server metadata
| | * | | Add Server metadata test and fix metadata. (Jonathan Huot, 2018-11-30, 1 file, -3/+9)
| | | | |   Fix grant_types_supported which must include "implicit" even if it is not a grant_type in oauthlib sense. Removed internal "none" field value from the list of response_types.
| * | | | Merge branch 'master' into 601-pkce-support (Jonathan Huot, 2018-12-11, 1 file, -1/+3)
| |\ \ \ \
| | |/ / /
| |/| / /
| | |/ /
| * | | Add OAuth2 Provider Server Metadata for PKCE. (Jonathan Huot, 2018-11-30, 1 file, -0/+2)
| | | |
| * | | Initial OAuth2.0/PKCE Provider support (Jonathan Huot, 2018-11-29, 3 files, -12/+238)
| | | |
* | | | Extract raising on unsupported token. (Omer Katz, 2018-12-17, 3 files, -11/+10)
| | | |
* | | | Extract raising error on client auth failure. (Omer Katz, 2018-12-17, 3 files, -21/+15)
| | | |
* | | | Raise error on missing token. (Omer Katz, 2018-12-17, 3 files, -9/+11)
| | | |
* | | | Extract redirect handling to a common method. (Omer Katz, 2018-12-17, 3 files, -70/+59)
| | | |
* | | | Extract default grant headers to helper method. (Omer Katz, 2018-12-17, 5 files, -21/+13)
| |_|/
|/| |