| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | | |
|
| | | |
|
| | |\ |
|
| | | | |
|
| | |\ \
| | |/ |
|
| | | |\ |
|
| | | | |\ |
|
| | | | | | |
|
| | | | |/ |
|
| | | |/
| | |
| | |
| | | |
Authorization Code was missing this check, whereas Implicit was checking it.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |/ |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add command to clean up builds to makefile
* Fix docs strings for endpoints pre_configured
* Chnage grant_types.openid_connect to include a deprecation warning be a backward compatible
* Fix doc string for rfc6749.request_validator
* Remove unused import
* Change import to be explicity
* Move JWTTokenTestCase to openid.connect.core.test_token
* Move JWTToken to oauthlib.openid.connect.core.tokens
* Move to openid connect test
* Move openid connect exceptions to its own file
* Remove openid connect from oauth2 server
* Remove JWTToken from oauth tokens
* Remove grant_types.openid_connect file
* Add oauthlib/openid estructure and tests
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add testcase for prepare_token_request()
* Add testcase for InsecureTransportError in add_token()
* Fix typo in testcase of add_token() for MAC token type
* Add testcase for TokenExpiredError in add_token()
* Add testcase for prepare_request_body without private key
* Add testcase for optional kwargs in prepare_request_body()
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add JWT token with it the server knows how to validate this new type of token in resource requests
* Change find_token_type sorted function to reverse result and choose the valued estimated token handler
* Add validate_id_token method to RequestValidator
* Added unittest for JWTToken model
* Updated version of Mock
* Add get_jwt_bearer_token and validate_jwt_bearer_token oauthlib.oauth2.RequestValidator and change oauthlib.oauth2.tokens JWTToken to use it
* Change to improve token type estimate test
* Add a note in RequestValidator.validate_jwt_bearer_token about error 5xx rather 4xx
|
| | |
| |
| |
| |
| |
| | |
Previously, cliend_id was always included in the request body
in the Authorization Code flow and the client_id parameter
was ignored in contradiction with the docs.
Fixes #495
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add support for HMAC-SHA256
* Add explicit declaration of HMAC-SHA1 and point HMAC at it
To avoid confusion, HMAC constant name should explicitly state which SHA variant is used, but for backwards compatibility, SIGNATURE_HMAC is still needed
* add support for HMAC-SHA256 including tests and comments
* constructor tests verify client built with correct signer method
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Change create_token_response to only save access_token when it's present in request.response_type
* Remove unused import, fix indentation and improve comment
* Fix AuthorizationEndpoint response_type for OpenID Connect hybrid flow
* Add new ImplicitTokenGrantDispatcher
Changes AuthorizationEndpoint response_type `'token'`, `'id_token'` and
`'id_token token'` to work with OpenID Connect and OAuth2 implicit flow
in a transparent way
* Add new AuthTokenGrantDispatcher
Change AuthorizationEndpoint grant_types `'authorization_code'` to work with
OpenID Connect and OAuth2 authorization flow in a transparent way
* Change tests to include required client_id and redirect_uri
* Remove AuthorizationEndpoint grant_types `'openid'`
Now OpenID Connect and OAuth2 authorization flow can use `authorization_code`
in a transparent way
* Add sone blank lines and fix indentation
* Change AuthorizationEndpoint grant type id_token and id_token token to use openid_connect_implicit direct
* Change default empty value to None and fix a typo
* Add assert called to AuthTokenGrantDispatcher tests
* Add request to get_authorization_code_scopes
|
| | |
|
| | |
|
| |\
| |
| | |
Replace all uses of assertEquals with assertEqual
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
assertEquals is deprecated in favor of assertEqual.
When running tests, fixes warnings of the form:
DeprecationWarning: Please use assertEqual instead.
For more information, see:
https://docs.python.org/3/library/unittest.html#deprecated-aliases
|
| | | |
|
| |/ |
|
| | |
|
| |\
| |
| | |
Public clients should be validated when revoking tokens
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Update proxy keys on CaseInsensitiveDict.update()
|
| | | | |
|
| |\ \ \
| |/ /
|/| | |
Fixes bug with 'prompt' parameter
|
| | |/ |
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the scope_to_list() util to initalize the request.scopes list from
the request.scope request parameter in two place where it was instead
being set to None.
- AuthorizationEndpoint.validate_authorization_request()
- TokenEndpoint.create_token_response()
In both cases the Request should be properly populated before it is
passed to the client's validator.
In the case of the TokenEndpoint - there are OAuth2 workflows that
allow an optional scope parameter so we should have been doing this
for them anyway.
Since scope_to_list() may return None, also update the openid_connect
code to behave properly when this is the case.
Fixes #436
|
| |\
| |
| | |
Openid connect
|
| | |
| |
| |
| | |
haste-y inclusion in the Resource endpoint. It is an optional parameter to the Authorization Code endpoint and so needs to be stored with both the generated authorization code grant and any subsequent access token issued to that authorization code.
|
