Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add the ReadTheDocs theme to dev builds "i.e tox -e docs".release-3.1.0 | Jonathan Huot | 2019-08-06 | 2 | -2/+4 |
| | |||||
* | Merge branch 'master' into release-3.1.0 | Jonathan Huot | 2019-08-05 | 11 | -69/+326 |
|\ | |||||
| * | Add hooks to highlight the possibilities of the framework (#673) | Jonathan Huot | 2019-08-02 | 1 | -18/+69 |
| |\ | | | | | | | Add hooks to highlight the possibilities of the framework | ||||
| | * | Merge branch 'master' into docs-flows-hooksdocs-flows-hooks | Jonathan Huot | 2019-08-01 | 12 | -54/+262 |
| | |\ | | |/ | |/| | |||||
| * | | Oidc userinfo (#677) | Jonathan Huot | 2019-08-01 | 8 | -49/+222 |
| |\ \ | | | | | | | | | Oidc userinfo | ||||
| | * \ | Merge branch 'master' into oidc-userinfooidc-userinfo | Jonathan Huot | 2019-08-01 | 2 | -2/+35 |
| | |\ \ | | |/ / | |/| | | |||||
| * | | | add HMAC-SHA256 signature validation (#691) | Jonathan Huot | 2019-07-25 | 2 | -2/+35 |
| |\ \ \ | | | | | | | | | | | add HMAC-SHA256 signature validation | ||||
| | * | | | add HMAC-SHA256 signature validation | Hamish Moffatt | 2019-07-25 | 2 | -2/+35 |
| |/ / / | |||||
| | * | | Merge branch 'master' into oidc-userinfo | Jonathan Huot | 2019-07-19 | 2 | -3/+5 |
| | |\ \ | | |/ / | |/| | | |||||
| | * | | Merge branch 'master' into oidc-userinfo | Jonathan Huot | 2019-07-04 | 13 | -13/+206 |
| | |\ \ | |||||
| | * | | | Downgrade python to match with Travis | Jonathan Huot | 2019-05-13 | 1 | -1/+1 |
| | | | | | |||||
| | * | | | Force bandit python version to be sure no conflict with others | Jonathan Huot | 2019-05-13 | 1 | -0/+1 |
| | | | | | |||||
| | * | | | Updated bandit baseline after review | Jonathan Huot | 2019-05-13 | 1 | -5/+1179 |
| | | | | | |||||
| | * | | | Add UserInfoEndpoint to the OIDC Provider support. | Jonathan Huot | 2019-05-13 | 7 | -1/+220 |
| | | | | | |||||
| | * | | | Removed duplicated code for oauth2.BaseEndpoint | Jonathan Huot | 2019-05-13 | 1 | -48/+2 |
| | | | | | |||||
| | | | * | Merge branch 'master' into docs-flows-hooks | Jonathan Huot | 2019-07-09 | 28 | -48/+1788 |
| | | | |\ | | | | |/ | | | |/| | |||||
| | | | * | Add hooks to highlight the possibilities of the framework | Jonathan Huot | 2019-04-30 | 1 | -18/+69 |
| | | | | | | | | | | | | | | | | | | | | The grey color has been used to show that's optional, and a loop arrow to represent that multiple hooks can be stacked. We can distinctly see three kind of hooks: 1) pre/post+token/auth 2) generate access/refresh tokens 3) code/token modifiers. Also, I have added the optional RequestValidator.rotate_refresh_token callback. | ||||
* | | | | | Bump to 3.1.0 | Jonathan Huot | 2019-07-19 | 1 | -1/+1 |
| | | | | | |||||
* | | | | | Add 3.1.0 changelog | Jonathan Huot | 2019-07-19 | 1 | -0/+28 |
|/ / / / | |||||
* | | | | Bump version | Jonathan Huot | 2019-07-19 | 1 | -1/+1 |
| | | | | |||||
* | | | | Release 3.0.2 (#683) | Jonathan Huot | 2019-07-19 | 2 | -3/+5 |
|\ \ \ \ | |_|/ / |/| | | | Release 3.0.2 | ||||
| * | | | Merge branch 'master' into release-3.0.2release-3.0.2 | Jonathan Huot | 2019-07-19 | 47 | -329/+1979 |
| |\ \ \ | |/ / / |/| | | | |||||
* | | | | Handle null value in expires_in field in JSON handler (#675) | Jonathan Huot | 2019-07-04 | 2 | -1/+22 |
|\ \ \ \ | | | | | | | | | | | Handle null value in expires_in field in JSON handler | ||||
| * \ \ \ | Merge branch 'master' into 672-fix-null-expires-in | Jonathan Huot | 2019-07-04 | 1 | -0/+1 |
| |\ \ \ \ | |/ / / / |/| | | | | |||||
* | | | | | Fix BackendApplicationClient.prepare_request_body (#682) | Jonathan Huot | 2019-07-04 | 1 | -0/+1 |
|\ \ \ \ \ | | | | | | | | | | | | | Fix BackendApplicationClient.prepare_request_body | ||||
| * \ \ \ \ | Merge branch 'master' into patch-2 | Jonathan Huot | 2019-07-03 | 1 | -1/+1 |
| |\ \ \ \ \ | |/ / / / / |/| | | | | | |||||
| * | | | | | Fix BackendApplicationClient.prepare_request_body | qporest | 2019-07-02 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | | | | Currently, if no `scope` is passed to `prepare_request_body`, None will be passed on to `prepare_token_request`, even if BackendApplicationClient was initialized with `scope`. | ||||
| | * | | | | Merge branch 'master' into 672-fix-null-expires-in | Josh Holmer | 2019-07-03 | 1 | -1/+1 |
| | |\ \ \ \ | |_|/ / / / |/| | | | | | |||||
* | | | | | | Error in timestamp comparison | Jonathan Huot | 2019-07-03 | 1 | -1/+1 |
|/ / / / / | |||||
| * | | | | Merge branch 'master' into 672-fix-null-expires-in | Omer Katz | 2019-06-29 | 27 | -47/+1765 |
| |\ \ \ \ | |/ / / / |/| | | | | |||||
* | | | | | Check for errors in authorization code response (#680) | Jonathan Huot | 2019-06-12 | 2 | -6/+12 |
|\ \ \ \ \ | | | | | | | | | | | | | Check for errors in authorization code response | ||||
| * \ \ \ \ | Merge branch 'master' into 290-code-response-errors | Jonathan Huot | 2019-06-12 | 1 | -0/+12 |
| |\ \ \ \ \ | |/ / / / / |/| | | | | | |||||
* | | | | | | Create FUNDING.yml | Omer Katz | 2019-06-11 | 1 | -0/+12 |
| | | | | | | |||||
| * | | | | | Check for authorization response errors | Mark Gregson | 2019-06-06 | 2 | -6/+12 |
|/ / / / / | |||||
* | | | | | Merge pull request #667 from Abhishek8394/sanitize-get | Jonathan Huot | 2019-05-19 | 10 | -10/+1338 |
|\ \ \ \ \ | |_|_|/ / |/| | | | | Fix Issue #666: ban 'client_secret' and 'code_verifier' from url query params | ||||
| * | | | | Downgrade python to match with Travis | Jonathan Huot | 2019-05-16 | 1 | -0/+1 |
| | | | | | |||||
| * | | | | Updated bandit baseline after review | Jonathan Huot | 2019-05-16 | 1 | -5/+1179 |
| | | | | | |||||
| * | | | | Enforce POST HTTP method on TokenEndpoint, IntrospectEndpoint and ↵ | Abhishek Patel | 2019-05-14 | 8 | -21/+107 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RevocationEndpoint - Add validation checks for HTTP method in TokenEndpoint, IntrospectEndpoint and RevocationEndpoint. - CHANGE DEFAULT HTTP method for TokenEndpoint from 'GET' to 'POST'. - Add tests + Fix an old test in . It used to send query params to TokenEndpoint which is not allowed anymore. Fixed it so payload is sent as POST body. | ||||
| * | | | | Ban all query parameters on Intropspection, Token and Revocation endpopoint | Abhishek Patel | 2019-05-14 | 4 | -26/+15 |
| | | | | | |||||
| * | | | | Add tests + create a global variable for blacklisted query parameters | Abhishek Patel | 2019-05-14 | 4 | -7/+68 |
| | | | | | |||||
| * | | | | Add validation check for presence of forbidden query parameters in OAuth2 ↵ | Abhishek Patel | 2019-05-14 | 4 | -1/+18 |
|/ / / / | | | | | | | | | | | | | TokenEndpoint, IntrospectionEndpoint and RevocationEndpoint | ||||
* | | | | Merge pull request #671 from oauthlib/670-pkce-requestinfo | Jonathan Huot | 2019-05-07 | 2 | -2/+7 |
|\ \ \ \ | | | | | | | | | | | Fix 670. AuthCode API must return the new PKCE attribute | ||||
| * \ \ \ | Merge branch 'master' into 670-pkce-requestinfo | Jonathan Huot | 2019-05-07 | 12 | -29/+396 |
| |\ \ \ \ | |/ / / / |/| | | | | |||||
* | | | | | Merge pull request #674 from bungoume/patch-1 | Jonathan Huot | 2019-05-07 | 2 | -4/+79 |
|\ \ \ \ \ | | | | | | | | | | | | | token_type should be case insensitive | ||||
| * \ \ \ \ | Merge branch 'master' into patch-1 | Jonathan Huot | 2019-05-07 | 10 | -25/+317 |
| |\ \ \ \ \ | |/ / / / / |/| | | | | | |||||
* | | | | | | Add `reqval.fill_id_token` with technicals OIDC fields into `id_token` (#660) | Jonathan Huot | 2019-05-06 | 8 | -22/+303 |
|\ \ \ \ \ \ | | | | | | | | | | | | | | | Add `reqval.fill_id_token` with technicals OIDC fields into `id_token` | ||||
| * \ \ \ \ \ | Merge branch 'master' into oidc-hashesoidc-hashes | Jonathan Huot | 2019-05-06 | 2 | -3/+14 |
| |\ \ \ \ \ \ | |/ / / / / / |/| | | | | | | |||||
* | | | | | | | Add case-insensitive headers to oauth1 BaseEndpoint (#669) | Jonathan Huot | 2019-05-06 | 2 | -3/+14 |
|\ \ \ \ \ \ \ | |_|_|_|_|_|/ |/| | | | | | | Add case-insensitive headers to oauth1 BaseEndpoint | ||||
| * | | | | | | Add case-insensitive headers to oauth1 BaseEndpoint | Jordan Gardner | 2019-05-01 | 2 | -3/+14 |
|/ / / / / / | |||||
| * | | | | | Removed wrong assumption from copy/paste of get_autho.._scopes. | Jonathan Huot | 2019-04-29 | 1 | -3/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | This function should always have a good client_id and redirect_uri, because it is called after validate_token_request() |