Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | rm comma after Bearer in WWW-Authenticate header | kamenev | 2021-11-14 | 1 | -2/+2 |
| | |||||
* | Sorted tests import per isort 4.3.21 | Anton Ruhlov | 2020-04-10 | 1 | -2/+1 |
| | |||||
* | Use unittest.mock instead of external mock | Michał Górny | 2020-03-16 | 1 | -1/+1 |
| | | | | | | Replace the use of external 'mock' package with built-in Python unittest.mock (present since py3.3). This also fixes all test failures for me. | ||||
* | The future is now | Hugo | 2019-08-15 | 1 | -2/+0 |
| | |||||
* | Enforce POST HTTP method on TokenEndpoint, IntrospectEndpoint and ↵ | Abhishek Patel | 2019-05-14 | 1 | -0/+15 |
| | | | | | | | | RevocationEndpoint - Add validation checks for HTTP method in TokenEndpoint, IntrospectEndpoint and RevocationEndpoint. - CHANGE DEFAULT HTTP method for TokenEndpoint from 'GET' to 'POST'. - Add tests + Fix an old test in . It used to send query params to TokenEndpoint which is not allowed anymore. Fixed it so payload is sent as POST body. | ||||
* | Ban all query parameters on Intropspection, Token and Revocation endpopoint | Abhishek Patel | 2019-05-14 | 1 | -4/+2 |
| | |||||
* | Add tests + create a global variable for blacklisted query parameters | Abhishek Patel | 2019-05-14 | 1 | -0/+16 |
| | |||||
* | Add Content-Type and Cache headers to introspect/revocation errors | Jonathan Huot | 2018-12-13 | 1 | -4/+19 |
| | |||||
* | Add double-quotes to the key/values in WWW-Authenticate264-status401 | Jonathan Huot | 2018-12-12 | 1 | -2/+2 |
| | |||||
* | Used WWW-Authenticate and auth-param values as RFC6750 described it. | Jonathan Huot | 2018-12-12 | 1 | -2/+2 |
| | | | | It misses the possibility to add scope= and realm= at the moment, but it should be a step forward into the right direction. | ||||
* | Handle 401 with WWW-Authenticate. Moved wrong 401 into 400. | Jonathan Huot | 2018-12-04 | 1 | -2/+2 |
| | | | | access_denied/unauthorized_client/consent_required/login_required MUST be 400, and not 401. Also, 401 MUST have WWW-Authenticate when set. It could have an impact of processing those in webframeworks. | ||||
* | Sorted imports. | Omer Katz | 2017-09-17 | 1 | -0/+1 |
| | |||||
* | Python 3 fixes | Andy Kipp | 2016-12-06 | 1 | -1/+1 |
| | |||||
* | Fix tests | Andy Kipp | 2016-12-06 | 1 | -13/+23 |
| | |||||
* | add token_type_hint to the list of default Request params | Massimiliano Pippi | 2015-07-20 | 1 | -0/+8 |
| | |||||
* | Add code to determine if client authentication is required for OAuth2 ↵ | Weipin Xia | 2015-07-19 | 1 | -0/+12 |
| | | | | endpoint "revocation" | ||||
* | Fix tests for #300 merged | Hsiaoming Yang | 2015-07-06 | 1 | -5/+3 |
| | |||||
* | Merge pull request #300 from jbkkd/master | Hsiaoming Yang | 2015-07-06 | 1 | -1/+1 |
|\ | | | | | Revocation endpoint should return empty string, not Python 'None' | ||||
| * | Updated revocation test | Omer Korner | 2014-11-26 | 1 | -1/+1 |
| | | |||||
* | | Add code to determine if client authentication is required for OAuth2 ↵ | Weipin Xia | 2015-05-07 | 1 | -0/+12 |
|/ | | | | endpoint "revocation" | ||||
* | Allow invalid token_type_hint. | Rodney Richardson | 2014-10-07 | 1 | -11/+2 |
| | | | | | Invalid token_type_hints should be ignored. This looks to have been broken in 6ffcc4f2ae6b66e42c1f58b6de634fe969b473a0 | ||||
* | Make jsonp support in revocation endpoint optional. | Ib Lundgren | 2014-09-25 | 1 | -4/+14 |
| | | | | Also include the error in jsonp callback. | ||||
* | Draft 11 Token Revocation Endpoint. | Ib Lundgren | 2013-09-17 | 1 | -0/+65 |