| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Rework client authentication in SkeletonValidator for clarity | Braedon Vickers | 2020-01-21 | 1 | -2/+7 |
| | | | | | | | | | | | | | | | | | | | | | | SkeletonValidator was seemingly written to not support public clients at all. Its authenticate_client_id() explicitly returned `False`, rather than `pass`-ing like the other methods, and client_authentication_required() was missing entirely (the default implementation always returns `True`). This opinionated approach is confusing, especially when writing an implementation that allows public clients. The comment on the authenticate_client_id() method is particularly confusing. Unlike the comments on other methods, which explain the method, it explains the implementation (returning `False`). As a result, it appears to say the method should return `False` for public clients, when it should actually return `False` for confidential clients (and `True` for valid public clients). To reduce this confusion, include a client_authentication_required() stub, `pass` rather than returning `False` in authenticate_client_id(), and update its comment to describe the method. | ||||
| * | Remove usage of "state" for code/token response. | Jonathan Huot | 2019-02-22 | 1 | -3/+3 |
| | | |||||
| * | Add request argument to confirm_redirect_uri (#504) (#504) | Jimmy Thrasibule | 2018-04-13 | 1 | -1/+1 |
| | | |||||
| * | Convert readthedocs link for their .org -> .io migration for hosted projects ↵ | Adam Chainz | 2016-05-31 | 1 | -1/+1 |
| | | | | | | | | | | (#427) As per [their blog post of the 27th April](https://blog.readthedocs.com/securing-subdomains/) ‘Securing subdomains’: > Starting today, Read the Docs will start hosting projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user generated data on the same domain as our dashboard. Test Plan: Manually visited all the links I’ve modified. | ||||
| * | send no state in the access token response | gunnar | 2015-07-03 | 1 | -1/+1 |
| | | |||||
| * | changing server example to reflect changes to request validator in ↵ | Clint Ecker | 2013-06-21 | 1 | -3/+5 |
| | | | | | 035d46c73ab7feb4719e4642dafc9bb21aa8bd2c | ||||
| * | Remove django+decorator bits of skeleton example. | Ib Lundgren | 2013-05-31 | 1 | -40/+0 |
| | | |||||
| * | Fix extracting of scope values from POST | Stéphane Raimbault | 2013-05-23 | 1 | -1/+1 |
| | | | | | Many inputs with same name are stored in a list. | ||||
| * | The argument request is missing in validate_code() in examples | Stéphane Raimbault | 2013-05-23 | 1 | -1/+1 |
| | | |||||
| * | Fix some typo | Eunchong Yu | 2013-05-16 | 1 | -3/+3 |
| | | |||||
| * | OAuth 2 skeleton provider | Ib Lundgren | 2013-03-26 | 1 | -0/+147 |
 |
index : delta/python-packages/oauthlib.git | |
| github.com: idan/oauthlib.git |
| summaryrefslogtreecommitdiff |