authorPieter Ennes <pieter@ennes.nl>2018-08-12 21:44:53 +0100
committerGitHub <noreply@github.com>2018-08-12 21:44:53 +0100
commitdaea09070c868609384e855e7929922faed9baae (patch)
tree0104822f0e9c122675faacb147298c939fd1e433
parent048befd55de7924fd3414fe6a24a28eaaaba2a66 (diff)
parentd5d843de71e2ddd6da913971f42beec890f5c3b7 (diff)
downloadoauthlib-daea09070c868609384e855e7929922faed9baae.tar.gz
Merge branch 'master' into master
-rw-r--r--.gitignore3
-rw-r--r--LICENSE4
-rw-r--r--Makefile12
-rw-r--r--README.rst16
-rw-r--r--docs/conf.py2
-rw-r--r--docs/contributing.rst17
-rw-r--r--docs/faq.rst14
-rw-r--r--docs/oauth1/server.rst4
-rw-r--r--docs/oauth2/server.rst4
-rw-r--r--docs/release_process.rst10
-rw-r--r--oauthlib/__init__.py2
-rw-r--r--oauthlib/common.py2
-rw-r--r--oauthlib/oauth2/rfc6749/parameters.py7
-rw-r--r--oauthlib/oauth2/rfc6749/request_validator.py9
-rw-r--r--oauthlib/openid/connect/core/grant_types/base.py6
-rwxr-xr-xsetup.py2
-rw-r--r--tests/oauth2/rfc6749/test_parameters.py11
-rw-r--r--tests/test_common.py2
-rw-r--r--tox.ini13
19 files changed, 88 insertions, 52 deletions
diff --git a/.gitignore b/.gitignore
index 4515c8f..6f24649 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,7 @@ pip-log.txt
.coverage
.tox
coverage
+htmlcov*
#Translations
*.mo
@@ -32,6 +33,8 @@ coverage
# Local file cruft/auto-backups
.DS_Store
*~
+**/#*#
+**/.#*
# Sphinx
docs/_build
diff --git a/LICENSE b/LICENSE
index c10d256..84b5c75 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2011 Idan Gazit and contributors
+Copyright (c) 2018 The OAuthlib Community
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -24,4 +24,4 @@ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/Makefile b/Makefile
index f9cc4ab..64fdc8e 100644
--- a/Makefile
+++ b/Makefile
@@ -20,6 +20,7 @@ clean: clean-eggs clean-build
@find . -iname '__pycache__' -delete
rm -rf .tox
rm -rf bottle-oauthlib
+ rm -rf dance
rm -rf django-oauth-toolkit
rm -rf flask-oauthlib
rm -rf requests-oauthlib
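Review bot: `rm -rf dance` in the `clean` recipe does not match the directory the new `dance` target creates. The clone in the later hunk lands in `flask-dance`, so `make clean` leaves that checkout and its sed-edited `tox.ini` behind, and the next run reuses it. The line should read `rm -rf flask-dance`, like the neighbouring entries, which name the cloned directory rather than the make target. The `clean` recipe starts above this hunk.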
@@ -65,6 +66,13 @@ requests:
cd requests-oauthlib 2>/dev/null || git clone https://github.com/requests/requests-oauthlib.git
cd requests-oauthlib && sed -i.old 's,deps=,deps = --editable=file://{toxinidir}/../[signedtoken],' tox.ini && sed -i.old '/oauthlib/d' requirements.txt && tox
+dance:
+ #---------------------------
+ # Library singingwolfboy/flask-dance
+ # Contacts: singingwolfboy
+ cd flask-dance 2>/dev/null || git clone https://github.com/singingwolfboy/flask-dance.git
+ cd flask-dance && sed -i.old 's,deps=,deps = --editable=file://{toxinidir}/../,' tox.ini && sed -i.old '/oauthlib/d' requirements.txt && tox
+
.DEFAULT_GOAL := all
-.PHONY: clean test bottle django flask requests
-all: clean test bottle django flask requests
+.PHONY: clean test bottle dance django flask requests
+all: clean test bottle dance django flask requests
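Review bot: The `dance` recipe clones the default branch of a third-party repository and runs its `tox` configuration, and the target is added to `all`, the default goal, so a plain `make` executes whatever that branch holds at the time. Checking out a reviewed tag or commit after the clone, e.g. `cd flask-dance && git checkout <reviewed-ref>`, would make the downstream run reproducible and limit what gets executed on a contributor's machine. The existing `requests` recipe visible above follows the same unpinned pattern, so the same pin would apply there.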
diff --git a/README.rst b/README.rst
index b477e41..394a984 100644
--- a/README.rst
+++ b/README.rst
@@ -11,10 +11,10 @@ logic for Python 2.7 and 3.4+.*
:target: https://coveralls.io/r/oauthlib/oauthlib
:alt: Coveralls
.. image:: https://img.shields.io/pypi/pyversions/oauthlib.svg
- :target: https://pypi.python.org/pypi/oauthlib
+ :target: https://pypi.org/project/oauthlib/
:alt: Download from PyPi
.. image:: https://img.shields.io/pypi/l/oauthlib.svg
- :target: https://pypi.python.org/pypi/oauthlib
+ :target: https://pypi.org/project/oauthlib/
:alt: License
.. image:: https://img.shields.io/readthedocs/oauthlib.svg
:target: https://oauthlib.readthedocs.io/en/latest/index.html
@@ -104,6 +104,18 @@ License
OAuthLib is yours to use and abuse according to the terms of the BSD license.
Check the LICENSE file for full details.
+Credits
+-------
+
+OAuthLib has been started and maintained several years by Idan Gazit and other
+amazing `AUTHORS`_. Thanks to their wonderful work, the open-source `community`_
+creation has been possible and the project can stay active and reactive to users
+requests.
+
+
+.. _`AUTHORS`: https://github.com/oauthlib/oauthlib/blob/master/AUTHORS
+.. _`community`: https://github.com/oauthlib/
+
Changelog
---------
diff --git a/docs/conf.py b/docs/conf.py
index 017f686..2594e38 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -41,7 +41,7 @@ master_doc = 'index'
# General information about the project.
project = u'OAuthLib'
-copyright = u'2012, Idan Gazit and the Python Community'
+copyright = u'2018, The OAuthlib Community'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
diff --git a/docs/contributing.rst b/docs/contributing.rst
index 601c567..3a23d70 100644
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@@ -35,7 +35,7 @@ Setting up topic branches and generating pull requests
While it's handy to provide useful code snippets in an issue, it is better for
you as a developer to submit pull requests. By submitting pull request your
-contribution to OpenComparison will be recorded by Github.
+contribution to OAuthlib will be recorded by Github.
In git it is best to isolate each topic or feature into a "topic branch". While
individual commits allow you control over how small individual changes are made
@@ -127,7 +127,7 @@ request that fails this test suite will be **rejected**.
Testing multiple versions of Python
-----------------------------------
-OAuthLib supports Python 2.6, 2.7, 3.2, 3.3 and experimentally PyPy. Testing
+OAuthLib supports Python 2.7, 3.4, 3.5, 3.6 and PyPy. Testing
all versions conveniently can be done using `Tox`_.
.. sourcecode:: bash
@@ -150,6 +150,17 @@ version. For Ubuntu you can easily install all after adding one ppa.
.. _`Tox`: https://tox.readthedocs.io/en/latest/install.html
.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/installation/
+Test upstream applications
+-----------------------------------
+
+Remember, OAuthLib is used by several 3rd party projects. If you think you
+submit a breaking change, confirm that other projects builds are not affected.
+
+.. sourcecode:: bash
+
+ $ make
+
+
If you add code you need to add tests!
--------------------------------------
@@ -207,7 +218,7 @@ How pull requests are checked, tested, and done
First we pull the code into a local branch::
- git remote add <submitter-github-name> git@github.com:<submitter-github-name>/opencomparison.git
+ git remote add <submitter-github-name> git@github.com:<submitter-github-name>/oauthlib.git
git fetch <submitter-github-name>
git checkout -b <branch-name> <submitter-github-name>/<branch-name>
diff --git a/docs/faq.rst b/docs/faq.rst
index 38b0e92..d9cd5c6 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -14,19 +14,23 @@ What parts of OAuth 1 & 2 are supported?
OAuth 1 with RSA-SHA1 signatures says "could not import cryptography". What should I do?
----------------------------------------------------------------------------------
- Install cryptography via pip.
+ Install oauthlib with rsa flag or install cryptography manually via pip.
.. code-block:: sh
+ $ pip install oauthlib[rsa]
+ ..or..
$ pip install cryptography
OAuth 2 ServiceApplicationClient and OAuth 1 with RSA-SHA1 signatures say "could not import jwt". What should I do?
-------------------------------------------------------------------------------------------------------------------
- Install pyjwt and cryptography with pip.
+ Install oauthlib with signedtoken flag or install pyjwt and cryptography manually with pip.
.. code-block:: sh
+ $ pip install oauthlib[signedtoken]
+ ..or..
$ pip install pyjwt cryptography
What does ValueError `Only unicode objects are escapable. Got one of type X.` mean?
@@ -72,8 +76,8 @@ How do I use OAuthlib as a provider with Django, Flask and other web frameworks?
- Pyramid `pyramid-oauthlib`_
- Bottle `bottle-oauthlib`_
- For other frameworks, please get in touch by opening a `GitHub issue`_, on `G+`_ or
- on IRC #oauthlib irc.freenode.net. If you have written an OAuthLib package that
+ For other frameworks, please get in touch by opening a `GitHub issue`_ or
+ on `Gitter OAuthLib community`_. If you have written an OAuthLib package that
supports your favorite framework, please open a Pull Request to update the docs.
@@ -101,5 +105,5 @@ Some argue OAuth 2 is worse than 1, is that true?
.. _`pyramid-oauthlib`: https://github.com/tilgovi/pyramid-oauthlib
.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthlib
.. _`GitHub issue`: https://github.com/oauthlib/oauthlib/issues/new
-.. _`G+`: https://plus.google.com/communities/101889017375384052571
+.. _`Gitter OAuthLib community`: https://gitter.im/oauthlib/Lobby
.. _`difference`: https://www.cyberciti.biz/faq/authentication-vs-authorization/
diff --git a/docs/oauth1/server.rst b/docs/oauth1/server.rst
index 2a91f30..db469d2 100644
--- a/docs/oauth1/server.rst
+++ b/docs/oauth1/server.rst
@@ -433,9 +433,9 @@ shown below as well as run your flask server locally on port `5000`.
7. Let us know how it went!
---------------------------
-Drop a line in our `G+ community`_ or open a `GitHub issue`_ =)
+Drop a line in our `Gitter OAuthLib community`_ or open a `GitHub issue`_ =)
-.. _`G+ community`: https://plus.google.com/communities/101889017375384052571
+.. _`Gitter OAuthLib community`: https://gitter.im/oauthlib/Lobby
.. _`GitHub issue`: https://github.com/oauthlib/oauthlib/issues/new
If you run into issues it can be helpful to enable debug logging::
diff --git a/docs/oauth2/server.rst b/docs/oauth2/server.rst
index 8f8b77b..35a58aa 100644
--- a/docs/oauth2/server.rst
+++ b/docs/oauth2/server.rst
@@ -493,9 +493,9 @@ at runtime by a function, rather then by a list.
6. Let us know how it went!
---------------------------
-Drop a line in our `G+ community`_ or open a `GitHub issue`_ =)
+Drop a line in our `Gitter OAuthLib community`_ or open a `GitHub issue`_ =)
-.. _`G+ community`: https://plus.google.com/communities/101889017375384052571
+.. _`Gitter OAuthLib community`: https://gitter.im/oauthlib/Lobby
.. _`GitHub issue`: https://github.com/oauthlib/oauthlib/issues/new
If you run into issues it can be helpful to enable debug logging.
diff --git a/docs/release_process.rst b/docs/release_process.rst
index aab97c4..9ee987c 100644
--- a/docs/release_process.rst
+++ b/docs/release_process.rst
@@ -2,12 +2,12 @@ Release process
===============
OAuthLib has got to a point where quite a few libraries and users depend on it.
-Because of this a more careful release procedure will be introduced to make
+Because of this, a more careful release procedure will be introduced to make
sure all these lovely projects don't suddenly break.
When approaching a release we will run the unittests for a set of downstream
libraries using the unreleased version of OAuthLib. If OAuthLib is the cause of
-failing tests we will either
+failing tests we will either:
1. Find a way to introduce the change without breaking downstream. However,
this is not always the best long term option.
@@ -25,7 +25,7 @@ OAuthLib release issue on Github at least 2 days prior to release detailing the
changes and pings the primary contacts for each downstream project. Please
respond within those 2 days if you have major concerns.
-How to get on the notifcations list
+How to get on the notifications list
-----------------------------------
Which projects and the instructions for testing each will be defined in
@@ -45,8 +45,8 @@ A note on versioning
--------------------
Historically OAuthLib has not been very good at semantic versioning but that
-will change after the 1.0.0 release due late 2014. After that poing any major
-digit release (e.g. 2.0.0) may introduce non backwards compatible changes.
+has changed since the 1.0.0 in 2014. Since, any major digit release
+(e.g. 2.0.0) may introduce non backwards compatible changes.
Minor point (1.1.0) releases will introduce non API breaking new features and
changes. Bug releases (1.0.1) will include minor fixes that needs to be
released quickly (e.g. after a bigger release unintentionally introduced a
diff --git a/oauthlib/__init__.py b/oauthlib/__init__.py
index b7586d2..bc5d96b 100644
--- a/oauthlib/__init__.py
+++ b/oauthlib/__init__.py
@@ -5,7 +5,7 @@
A generic, spec-compliant, thorough implementation of the OAuth
request-signing logic.
- :copyright: (c) 2011 by Idan Gazit.
+ :copyright: (c) 2018 by The OAuthlib Community
:license: BSD, see LICENSE for details.
"""
import logging
diff --git a/oauthlib/common.py b/oauthlib/common.py
index f25656f..c1180e6 100644
--- a/oauthlib/common.py
+++ b/oauthlib/common.py
@@ -114,7 +114,7 @@ def decode_params_utf8(params):
return decoded
-urlencoded = set(always_safe) | set('=&;:%+~,*@!()/?')
+urlencoded = set(always_safe) | set('=&;:%+~,*@!()/?\'$')
def urldecode(query):
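Review bot: The `urlencoded` whitelist widened here has no comment saying what it guards, and it now admits `'` and `$`. Judging by the tests in this commit, `urldecode()` rejects queries containing characters outside this set, so callers may read it as input validation. A comment such as `# Characters urldecode() accepts in a query string; "'" and "$" are RFC 3986 sub-delims. Not a sanitiser: decoded values still need escaping for SQL, HTML or shell.` would keep that expectation straight. Writing the literal with double quotes, `set("=&;:%+~,*@!()/?'$")`, avoids the backslash escape. The body of `urldecode` is outside the hunk.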
diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index 0107933..9ea8c44 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -362,16 +362,13 @@ def parse_token_response(body, scope=None):
# https://github.com/oauthlib/oauthlib/issues/267
params = dict(urlparse.parse_qsl(body))
- for key in ('expires_in', 'expires'):
- if key in params: # cast a couple things to int
+ for key in ('expires_in',):
+ if key in params: # cast things to int
params[key] = int(params[key])
if 'scope' in params:
params['scope'] = scope_to_list(params['scope'])
- if 'expires' in params:
- params['expires_in'] = params.pop('expires')
-
if 'expires_in' in params:
params['expires_at'] = time.time() + int(params['expires_in'])
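Review bot: After this change a response carrying only the non-standard `expires` key falls through with no `expires_in` and no `expires_at`, and nothing is logged; a caller that relies on `expires_at` (outside this hunk) would then see no expiry for that token. If the fallback is dropped on purpose, a comment at the loop such as `# 'expires' (non-RFC 6749 spelling) is no longer mapped to expires_in` would make that visible. The one-element loop reads more plainly as `if 'expires_in' in params: params['expires_in'] = int(params['expires_in'])`, and the second `int(...)` on the `expires_at` line is redundant once the value is already cast. `parse_token_response` starts and ends outside the hunk.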
diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py
index 92edba6..bf1515d 100644
--- a/oauthlib/oauth2/rfc6749/request_validator.py
+++ b/oauthlib/oauth2/rfc6749/request_validator.py
@@ -332,7 +332,14 @@ class RequestValidator(object):
}
Note that while "scope" is a string-separated list of authorized scopes,
- the original list is still available in request.scopes
+ the original list is still available in request.scopes.
+
+ The token dict is passed as a reference so any changes made to the dictionary
+ will go back to the user. If additional information must return to the client
+ user, and it is only possible to get this information after writing the token
+ to storage, it should be added to the token dictionary. If the token
+ dictionary must be modified but the changes should not go back to the user,
+ a copy of the dictionary must be made before making the changes.
Also note that if an Authorization Code grant request included a valid claims
parameter (for OpenID Connect) then the request.claims property will contain
diff --git a/oauthlib/openid/connect/core/grant_types/base.py b/oauthlib/openid/connect/core/grant_types/base.py
index 2bb48b1..fa578a5 100644
--- a/oauthlib/openid/connect/core/grant_types/base.py
+++ b/oauthlib/openid/connect/core/grant_types/base.py
@@ -225,12 +225,6 @@ class GrantTypeBase(object):
msg = "Prompt none is mutually exclusive with other values."
raise InvalidRequestError(request=request, description=msg)
- # prompt other than 'none' should be handled by the server code that
- # uses oauthlib
- if not request.id_token_hint:
- msg = "Prompt is set to none yet id_token_hint is missing."
- raise InvalidRequestError(request=request, description=msg)
-
if not self.request_validator.validate_silent_login(request):
raise LoginRequired(request=request)
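Review bot: With the `id_token_hint` check removed, `validate_silent_login` is the only gate visible in this hunk for a `prompt=none` request, and nothing tells implementers it can now be called without a hint. A comment above the call, `# id_token_hint is optional with prompt=none (OIDC Core 3.1.2.1); validate_silent_login must decide from the session alone when it is absent`, would state that contract. The diffstat lists no change under the OpenID Connect tests, so a case for `prompt=none` without `id_token_hint` is worth adding. The enclosing method starts and ends outside the hunk.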
diff --git a/setup.py b/setup.py
index 0c4e564..1d69e0d 100755
--- a/setup.py
+++ b/setup.py
@@ -33,7 +33,7 @@ setup(
version=oauthlib.__version__,
description='A generic, spec-compliant, thorough implementation of the OAuth request-signing logic',
long_description=fread('README.rst'),
- author='Idan Gazit',
+ author='The OAuthlib Community',
author_email='idan@gazit.me',
maintainer='Ib Lundgren',
maintainer_email='ib.lundgren@gmail.com',
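Review bot: `author` now names the community, but the `author_email` on the next line still points at the previous author's personal address. The published package metadata therefore pairs a collective author with an individual mailbox, which is also where reports from package users may end up. If the project has a shared contact address, use it there, e.g. `author_email='<project-contact-address>',`; otherwise a short comment explaining why the address stays would help. The `setup(` call starts and ends outside the hunk.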
diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py
index 2a9cbe8..6ba98c0 100644
--- a/tests/oauth2/rfc6749/test_parameters.py
+++ b/tests/oauth2/rfc6749/test_parameters.py
@@ -115,13 +115,6 @@ class ParameterTests(TestCase):
' "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",'
' "example_parameter": "example_value" }')
- json_expires = ('{ "access_token": "2YotnFZFEjr1zCsicMWpAA",'
- ' "token_type": "example",'
- ' "expires": 3600,'
- ' "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",'
- ' "example_parameter": "example_value",'
- ' "scope":"abc def"}')
-
json_dict = {
'access_token': '2YotnFZFEjr1zCsicMWpAA',
'token_type': 'example',
@@ -264,7 +257,3 @@ class ParameterTests(TestCase):
finally:
signals.scope_changed.disconnect(record_scope_change)
del os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE']
-
- def test_token_response_with_expires(self):
- """Verify fallback for alternate spelling of expires_in. """
- self.assertEqual(parse_token_response(self.json_expires), self.json_dict)
diff --git a/tests/test_common.py b/tests/test_common.py
index b0ea20d..fb4bd5b 100644
--- a/tests/test_common.py
+++ b/tests/test_common.py
@@ -39,6 +39,8 @@ class EncodingTest(TestCase):
self.assertItemsEqual(urldecode('foo=bar@spam'), [('foo', 'bar@spam')])
self.assertItemsEqual(urldecode('foo=bar/baz'), [('foo', 'bar/baz')])
self.assertItemsEqual(urldecode('foo=bar?baz'), [('foo', 'bar?baz')])
+ self.assertItemsEqual(urldecode('foo=bar\'s'), [('foo', 'bar\'s')])
+ self.assertItemsEqual(urldecode('foo=$'), [('foo', '$')])
self.assertRaises(ValueError, urldecode, 'foo bar')
self.assertRaises(ValueError, urldecode, '%R')
self.assertRaises(ValueError, urldecode, '%RA')
diff --git a/tox.ini b/tox.ini
index 3dded41..03e25b1 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,10 +1,10 @@
[tox]
-envlist = py27,py34,py35,py36,pypy,docs
+envlist = py27,py34,py35,py36,pypy,docs,readme
[testenv]
deps=
-rrequirements-test.txt
-commands=nosetests --with-coverage --cover-erase --cover-package=oauthlib -w tests
+commands=nosetests --with-coverage --cover-html --cover-html-dir={toxinidir}/htmlcov-{envname} --cover-erase --cover-package=oauthlib -w tests
[testenv:py27]
deps=unittest2
@@ -19,3 +19,12 @@ deps=sphinx
changedir=docs
whitelist_externals=make
commands=make clean html
+
+# tox -e readme to mimick pypi long_description check
+[testenv:readme]
+skipsdist=True
+deps=readme
+whitelist_externals=echo
+commands=
+ python setup.py check -r -s
+ echo setup.py/long description is syntaxly correct