Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add CORS support for Refresh Token Grant. | Theron Luhn | 2022-02-15 | 1 | -18/+0 |
| | |||||
* | Add support for CORS in the token endpoint. | Theron Luhn | 2021-12-13 | 1 | -0/+19 |
| | |||||
* | fix #755: ensure save_token is called for hybrid code flow | Karim Kanso | 2021-08-18 | 1 | -0/+2 |
| | |||||
* | Remove Python 2 codes (#734) | Asif Saif Uddin | 2020-05-12 | 1 | -1/+0 |
| | | | | | | | | | * Update setup.py * remove un needed python 2 codes * remove un needed python 2 codes * remove un needed python 2 codes | ||||
* | The future is now | Hugo | 2019-08-15 | 1 | -2/+0 |
| | |||||
* | Fix 670. AuthCode API must return the new PKCE attribute670-pkce-requestinfo | Jonathan Huot | 2019-04-26 | 1 | -0/+3 |
| | |||||
* | Fix 652: removed "state" from /token response. | Jonathan Huot | 2019-02-20 | 1 | -1/+3 |
| | | | | | | Fix OIDC /token flow where &state=None was always returned, and fix OAuth2.0 /token flow where &state=foobar was returned if &state=foobar was present in the token request. Remove "save_token" from create_token() signature cuz it was not used internally. Deprecated the option to let upstream libraries have a chance to remove it, if ever used. | ||||
* | Merge branch 'master' into dry-up-code | Omer Katz | 2018-12-17 | 1 | -0/+111 |
|\ | |||||
| * | Merge branch 'master' into 601-pkce-support | Jonathan Huot | 2018-12-13 | 1 | -0/+1 |
| |\ | |||||
| | * | Used WWW-Authenticate and auth-param values as RFC6750 described it. | Jonathan Huot | 2018-12-12 | 1 | -2/+1 |
| | | | | | | | | | | | | It misses the possibility to add scope= and realm= at the moment, but it should be a step forward into the right direction. | ||||
| | * | Handle 401 with WWW-Authenticate. Moved wrong 401 into 400. | Jonathan Huot | 2018-12-04 | 1 | -0/+2 |
| | | | | | | | | | | | | access_denied/unauthorized_client/consent_required/login_required MUST be 400, and not 401. Also, 401 MUST have WWW-Authenticate when set. It could have an impact of processing those in webframeworks. | ||||
| * | | Initial OAuth2.0/PKCE Provider support | Jonathan Huot | 2018-11-29 | 1 | -0/+110 |
| |/ | |||||
* | | Extract redirect handling to a common method. | Omer Katz | 2018-12-17 | 1 | -18/+3 |
| | | |||||
* | | Extract default grant headers to helper method. | Omer Katz | 2018-12-17 | 1 | -6/+2 |
|/ | |||||
* | cleanup on docs fixes | jonathan vanasco | 2018-09-11 | 1 | -2/+2 |
| | |||||
* | redid the docstring fixes | jonathan vanasco | 2018-09-10 | 1 | -2/+21 |
| | |||||
* | Make scope optional for authorization code grant. | Theron Luhn | 2018-09-02 | 1 | -12/+0 |
| | |||||
* | Merge branch 'master' into 445_confirm_redirect | Jonathan Huot | 2018-08-15 | 1 | -0/+2 |
|\ | |||||
| * | Add syntax check of get_default_redirect_uri | Jonathan Huot | 2018-07-30 | 1 | -0/+2 |
| | | | | | | | | Authorization Code was missing this check, whereas Implicit was checking it. | ||||
* | | Call get_default_redirect_uri if no redirect_uri in token req | Jonathan Huot | 2018-07-30 | 1 | -0/+11 |
|/ | |||||
* | Add request argument to confirm_redirect_uri (#504) (#504) | Jimmy Thrasibule | 2018-04-13 | 1 | -1/+2 |
| | |||||
* | Rtd docs fix (#515) | Jonathan Huot | 2018-02-28 | 1 | -13/+13 |
| | | | | | | | | | | | | | | | | | | | | | | * Added sphinx build for developers Rationale is to build docs locally to prevent RTD to break later. * Replace manual sphinx into make * Renamed idan URL to oauthlib community * Renamed http into https URLs since http is returning 302 * python requests library renamed its home URL * Add ignore list for "make linkcheck" linkcheck is doing requests to github with anonymous access, however creating an issue require an logged-in account * virtualenv changed its homepage and website. * Fixed broken link | ||||
* | Sorted imports. | Omer Katz | 2017-09-17 | 1 | -2/+2 |
| | |||||
* | switch to sending the MismatchingRedirectURIError instead | Oren Mazor | 2017-06-14 | 1 | -1/+1 |
| | |||||
* | return a more descriptive error when a redirect url is provided and it is wrong | Oren Mazor | 2017-06-14 | 1 | -1/+1 |
| | |||||
* | Redirect errors according to response_mode. | Pieter Ennes | 2017-02-21 | 1 | -1/+4 |
| | |||||
* | Refactor custom validators registration | Brendan McCollam | 2016-12-22 | 1 | -4/+4 |
| | |||||
* | Move custom validator registration onto GrantTypeBase | Brendan McCollam | 2016-12-22 | 1 | -31/+12 |
| | |||||
* | Ensure request.client_id after checking request.client.client_id | Fabian Fuelling | 2016-10-03 | 1 | -2/+2 |
| | |||||
* | Ensure request.client_id, getting it optionally from request.client.client_id | Fabian Fuelling | 2016-10-03 | 1 | -0/+2 |
| | |||||
* | Small fix for #416 | Omer Katz | 2016-08-28 | 1 | -1/+1 |
| | | | Tuples are initialized faster on CPython. | ||||
* | Move the claims handling into OpenIDConnectBase._inflate_claims() and a new ↵ | Joel Stevenson | 2016-08-18 | 1 | -14/+1 |
| | | | | | | AuthCodeGrantDispatcher to route requests to either the default AuthorizationCodeGrant or OpenIDConnectAuthCode depending on scope when the request's response_type is a simple (ambiguous) 'code'. Include basic docs about OpenID Connect auth flow support | ||||
* | Reworking the handling of claims. @bjmc was quite right to question the ↵ | Joel Stevenson | 2016-05-06 | 1 | -0/+13 |
| | | | | haste-y inclusion in the Resource endpoint. It is an optional parameter to the Authorization Code endpoint and so needs to be stored with both the generated authorization code grant and any subsequent access token issued to that authorization code. | ||||
* | Prevent save_token() from being called twice within create_token_response(). ↵ | Joel Stevenson | 2016-04-29 | 1 | -3/+7 |
| | | | | We call save_token() after any token modifiers have run so we can tell the token_handler's create_token() method not to save the token and do that explicitly ourselves. | ||||
* | Handle multi-valued response_types as specified in ↵ | Joel Stevenson | 2016-04-25 | 1 | -3/+1 |
| | | | | | | | http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations Handle new 'none' response_type Implicit flow won't generate a token unless it is asked for (skipped for "id_token" response_type | ||||
* | Fixup implicit flow authorization response and test | Joel Stevenson | 2016-04-19 | 1 | -1/+1 |
| | |||||
* | More wiring to get OpenID Connect code fully integrated. | Joel Stevenson | 2016-04-19 | 1 | -5/+2 |
| | |||||
* | First pass attempt at updating openid_connect branch | Joel Stevenson | 2016-04-15 | 1 | -1/+1 |
| | |||||
* | Response mode support. | Ib Lundgren | 2016-04-14 | 1 | -1/+4 |
| | |||||
* | Support for extra token validators and code modifiers. | Ib Lundgren | 2016-04-14 | 1 | -1/+15 |
| | |||||
* | Move save token to grant type and allow token modification. | Ib Lundgren | 2016-04-14 | 1 | -1/+27 |
| | | | | | | | | | | | | request_validator.save_bearer_token was previously called from inside token_handler.create_token but is now called from the respective grant type after being created by token_handler.create_token. This makes it easier to allow extensions grants to modify the token via the newly introduced token modifier methods that will be invoked prior to the save. This is consistent with how auth code is created and saved plus it removes the hidden dual purpose of create_token. | ||||
* | Added a kwarg to set wether refresh token will be created or not | Hiroki KIYOHARA | 2015-09-29 | 1 | -2/+3 |
| | |||||
* | Fix management of rfc6749 errors | fabio | 2015-07-06 | 1 | -14/+18 |
| | |||||
* | send no state in the access token response | gunnar | 2015-07-03 | 1 | -1/+1 |
| | |||||
* | Merge pull request #341 from kdazzle/request-getattr | Omer Katz | 2015-07-02 | 1 | -1/+1 |
|\ | | | | | #340 - calling getattr on Request should raise an AttributeError if that attribute doesn't exist | ||||
| * | #340 - provide default values for some params in common.Request | Kyle | 2015-05-09 | 1 | -1/+1 |
| | | |||||
* | | Handle empty/non-parsable query strings | Dan Berglund | 2015-06-26 | 1 | -1/+5 |
|/ | |||||
* | Remove redundant "state=request.state" parameters | Rodney Richardson | 2014-10-07 | 1 | -18/+9 |
| | |||||
* | Auto pep8 changes throughout the code base. | Ib Lundgren | 2014-09-24 | 1 | -20/+29 |
| | |||||
* | Change logging namespace to a tiered one. | Ib Lundgren | 2014-09-24 | 1 | -1/+4 |
| | | | | | | | Rather than have all logging under oauthlib we now have it per file using __name__. Users who wish to enable or disable all logging can still do so by enabling or disabling the oauthlib logging namespace. |