path: root/oauthlib/oauth2/rfc6749/grant_types
Commit message [Author, Age, Files, Lines]
...
* | Normalize handling of request.scopes list [Joel Stevenson, 2016-11-21, 1, -4/+5]
|/    Use the scope_to_list() util to initialize the request.scopes list from the request.scope request parameter in two places where it was instead being set to None.
|
|     - AuthorizationEndpoint.validate_authorization_request()
|     - TokenEndpoint.create_token_response()
|
|     In both cases the Request should be properly populated before it is passed to the client's validator. In the case of the TokenEndpoint - there are OAuth2 workflows that allow an optional scope parameter so we should have been doing this for them anyway.
|
|     Since scope_to_list() may return None, also update the openid_connect code to behave properly when this is the case.
|
|     Fixes #436
* Small fix for #416 [Omer Katz, 2016-08-28, 1, -1/+1]
|     Tuples are initialized faster on CPython.
* Test for membership should be "not in", here too. [Joel Stevenson, 2016-08-26, 1, -3/+3]
|
* Test for membership should be "not in". [Joel Stevenson, 2016-08-25, 2, -2/+2]
|     Commenting.
* Short description doc for AuthCodeGrantDispatcher [Joel Stevenson, 2016-08-18, 1, -1/+2]
|
* Move the claims handling into OpenIDConnectBase._inflate_claims() and a new AuthCodeGrantDispatcher to route requests to either the default AuthorizationCodeGrant or OpenIDConnectAuthCode depending on scope when the request's response_type is a simple (ambiguous) 'code'. [Joel Stevenson, 2016-08-18, 3, -16/+44]
|     Include basic docs about OpenID Connect auth flow support
* Reworking the handling of claims. @bjmc was quite right to question the haste-y inclusion in the Resource endpoint. [Joel Stevenson, 2016-05-06, 1, -0/+13]
|     It is an optional parameter to the Authorization Code endpoint and so needs to be stored with both the generated authorization code grant and any subsequent access token issued to that authorization code.
* Check the response type against exact response_type registry formats in GrantTypeBase.add_token() [Joel Stevenson, 2016-05-02, 1, -1/+1]
|
* Prevent save_token() from being called twice within create_token_response(). We call save_token() after any token modifiers have run so we can tell the token_handler's create_token() method not to save the token and do that explicitly ourselves. [Joel Stevenson, 2016-04-29, 5, -7/+11]
|
* Merge branch 'openid_connect' of https://github.com/joelstevenson/oauthlib into openid_connect [Joel Stevenson, 2016-04-26, 4, -15/+24]
|\
| * Handle multi-valued response_types as specified in http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations [Joel Stevenson, 2016-04-25, 4, -17/+24]
| |     Handle new 'none' response_type
| |     Implicit flow won't generate a token unless it is asked for (skipped for "id_token" response_type
* | Remove some comments related to new code for OIDC feature. [Joel Stevenson, 2016-04-26, 4, -14/+6]
|/
* Fixup implicit flow authorization response and test [Joel Stevenson, 2016-04-19, 2, -1/+8]
|
* More wiring to get OpenID Connect code fully integrated. [Joel Stevenson, 2016-04-19, 2, -9/+5]
|
* First pass attempt at updating openid_connect branch [Joel Stevenson, 2016-04-15, 3, -3/+30]
|
* Convenience (for testing) imports. [Ib Lundgren, 2016-04-14, 1, -0/+5]
|
* Raise OIDCNoPrompt exception upon authorization if requested. [Ib Lundgren, 2016-04-14, 1, -32/+66]
|
* Response mode support. [Ib Lundgren, 2016-04-14, 3, -11/+66]
|
* Small steps on the OpenID grant types. [Ib Lundgren, 2016-04-14, 1, -26/+94]
|     Direct response if prompt is none. Sketched out methods for implicit and hybrid. New method for adding access tokens in hybrid auth step.
* Support for extra token validators and code modifiers. [Ib Lundgren, 2016-04-14, 1, -1/+15]
|
* Initial sketch of OpenID Connect grant extensions. [Ib Lundgren, 2016-04-14, 1, -0/+273]
|     Only drafted some of the parameters introduced and little validation has been implemented so far. The id_token creation is also on the TODO list but a lot of it is created by @intelie in his fork already.
* Add token modifier and save to refresh token grant as well. [Ib Lundgren, 2016-04-14, 1, -0/+11]
|
* Move save token to grant type and allow token modification. [Ib Lundgren, 2016-04-14, 4, -1/+54]
|     request_validator.save_bearer_token was previously called from inside token_handler.create_token but is now called from the respective grant type after being created by token_handler.create_token. This makes it easier to allow extensions grants to modify the token via the newly introduced token modifier methods that will be invoked prior to the save. This is consistent with how auth code is created and saved plus it removes the hidden dual purpose of create_token.
* Set issue_new_refresh_tokens in RefreshTokenGrant.__init__ [Rafał Furmański, 2016-03-30, 1, -4/+1]
|
* Added a kwarg to set whether refresh token will be created or not [Hiroki KIYOHARA, 2015-09-29, 1, -2/+3]
|
* Fix management of rfc6749 errors [fabio, 2015-07-06, 2, -29/+36]
|
* send no state in the access token response [gunnar, 2015-07-03, 1, -1/+1]
|
* Merge pull request #341 from kdazzle/request-getattr [Omer Katz, 2015-07-02, 4, -4/+5]
|\    #340 - calling getattr on Request should raise an AttributeError if that attribute doesn't exist
| * #340 - provide default values for some params in common.Request [Kyle, 2015-05-09, 4, -4/+5]
| |
* | Handle empty/non-parsable query strings [Dan Berglund, 2015-06-26, 2, -2/+10]
|/
* Remove redundant "state=request.state" parameters [Rodney Richardson, 2014-10-07, 6, -44/+22]
|
* Add docstring for ResourceOwnerPasswordCredentialsGrant __init__ [David Muller, 2014-09-29, 1, -0/+4]
|
* create/don't create refresh_token based on self.refresh_token [David Muller, 2014-09-29, 1, -1/+1]
|
* Add refresh_token keyword arg [David Muller, 2014-09-29, 1, -1/+2]
|
* Auto pep8 changes throughout the code base. [Ib Lundgren, 2014-09-24, 6, -63/+85]
|
* Change logging namespace to a tiered one. [Ib Lundgren, 2014-09-24, 6, -7/+25]
|     Rather than have all logging under oauthlib we now have it per file using __name__. Users who wish to enable or disable all logging can still do so by enabling or disabling the oauthlib logging namespace.
* Remove password print from debug logs. Fix #256. [Ib Lundgren, 2014-07-07, 1, -2/+1]
|
* Use 401 status code for some OAuth 2 errors [Anders Steinlein, 2014-04-30, 1, -2/+2]
|
* return application/json content type in case of error [masci, 2014-01-19, 1, -1/+1]
|
* is_within_original_scope method for refresh token grant (Issue #220) [Jan Wrobel, 2013-11-05, 1, -1/+3]
|
* Include the request object in the returned dict, it can be used to cache information that will be used later. [Andre Cruz, 2013-10-28, 2, -0/+2]
|
* Fix all application/json mimetypes. [Hsiaoming Yang, 2013-10-12, 3, -3/+3]
|
* JSON content type has no charset. [Hsiaoming Yang, 2013-10-12, 1, -1/+1]
|
* Set headers on client credentials access token response [Aleksandr Vladimirskiy, 2013-10-10, 1, -1/+6]
|
* fixed call to client_authentication_required [Massimiliano Pippi, 2013-09-21, 1, -1/+1]
|
* ask validator if client has to be authenticated [Massimiliano Pippi, 2013-09-17, 3, -42/+42]
|
* #200 First attempt at API cleanup to match OAuth1. [Tyler Jones, 2013-08-01, 5, -15/+15]
|
* Validator confirm_scopes becomes get_original_scopes. #182, #183 [Ib Lundgren, 2013-06-21, 1, -2/+15]
|
* Add initial refresh token grant tests. Fix #182. [Ib Lundgren, 2013-06-20, 1, -3/+2]
|
* Fix scope validation on refresh token grant. [Ib Lundgren, 2013-06-20, 1, -15/+1]
|