path: root/oauthlib/oauth2/rfc6749
Commit message  Author  Age  Files  Lines
...
| | * | Add double-quotes to the key/values in WWW-Authenticate [264-status401]  Jonathan Huot  2018-12-12  1  -3/+3
| | | |
| | * | Used WWW-Authenticate and auth-param values as RFC6750 described it.  Jonathan Huot  2018-12-12  7  -14/+27
| | | |     It misses the possibility to add scope= and realm= at the moment, but it should be a step forward into the right direction.
| | * | Handle 401 with WWW-Authenticate. Moved wrong 401 into 400.  Jonathan Huot  2018-12-04  7  -6/+15
| | | |     access_denied/unauthorized_client/consent_required/login_required MUST be 400, and not 401. Also, 401 MUST have WWW-Authenticate when set. It could have an impact of processing those in web frameworks.
| * | | Add details on grant_type & implicit special case.  Jonathan Huot  2018-12-13  1  -0/+12
| | | |
| * | | Replace temporary list by using clearer "extend" method  Jonathan Huot  2018-12-13  1  -1/+1
| | | |
| * | | Merge pull request #624 from oauthlib/preconf-server-metadata  Jonathan Huot  2018-12-11  1  -3/+9
| |\ \ \
| | | | |     Preconf server metadata
| | * | | Add Server metadata test and fix metadata.  Jonathan Huot  2018-11-30  1  -3/+9
| | | | |     Fix grant_types_supported which must include "implicit" even if it is not a grant_type in oauthlib sense. Removed internal "none" field value from the list of response_types.
| * | | | Merge branch 'master' into 601-pkce-support  Jonathan Huot  2018-12-11  1  -1/+3
| |\ \ \ \
| | |/ / /
| |/| / /
| | |/ /
| * | | Add OAuth2 Provider Server Metadata for PKCE.  Jonathan Huot  2018-11-30  1  -0/+2
| | | |
| * | | Initial OAuth2.0/PKCE Provider support  Jonathan Huot  2018-11-29  3  -12/+238
| | | |
* | | | Extract raising on unsupported token.  Omer Katz  2018-12-17  3  -11/+10
| | | |
* | | | Extract raising error on client auth failure.  Omer Katz  2018-12-17  3  -21/+15
| | | |
* | | | Raise error on missing token.  Omer Katz  2018-12-17  3  -9/+11
| | | |
* | | | Extract redirect handling to a common method.  Omer Katz  2018-12-17  3  -70/+59
| | | |
* | | | Extract default grant headers to helper method.  Omer Katz  2018-12-17  5  -21/+13
| |_|/
|/| |
* | | change: response_type as attribute  mlboy  2018-12-12  1  -1/+3
| | |
* | | change: grant_type as attribute  mlboy  2018-12-12  1  -1/+2
| | |     use refresh_token_key as attribute
* | | change: grant_type as attribute  mlboy  2018-12-12  1  -1/+3
| | |
* | | change: grant_type as attribute  mlboy  2018-12-12  1  -1/+3
| | |
* | | change: grant_type as attribute  mlboy  2018-12-12  1  -2/+4
| |/
|/|
* | `invalid_scope` status code should be 400  Benjamin Pereto  2018-12-03  1  -1/+3
|/
* Allow custom provider to override oauthlib values [oauth-metadata]  Jonathan Huot  2018-11-21  1  -6/+8
|     See https://github.com/oauthlib/oauthlib/pull/605#discussion_r234438151
* Merge branch 'master' into oauth-metadata  Omer Katz  2018-11-01  1  -1/+1
|\
| * Wrong Client is also a FatalClientError (#608)  Jonathan Huot  2018-11-01  1  -1/+1
| |     FatalClientError is it SHOULD NOT be redirected to client (redirect_uri), but MUST be redirected to USERS (error_uri).
* | Initial OAuth Authorization Server Metadata RFC8414  Jonathan Huot  2018-10-25  2  -0/+192
|/
* Merge branch 'master' into fix-585_client_id  Jonathan Huot  2018-09-21  1  -1/+3
|\
| * fixup! `invalid_grant` status code should be 400  Free Duerinckx  2018-09-20  1  -0/+2
| |
| * Merge branch 'master' into invalid-grant-should-respond-with-400  Omer Katz  2018-09-20  11  -126/+323
| |\
| * \ Merge branch 'master' into invalid-grant-should-respond-with-400  Jonathan Huot  2018-08-13  2  -0/+6
| |\ \
| * | | `invalid_grant` status code should be 400  Free Duerinckx  2018-07-04  1  -1/+1
| | | |     According to section 5.2 of rfc 6749 (https://tools.ietf.org/html/rfc6749#section-5.2) A server should respond with 400 in case of an invalid grant. The given grant is invalid and the client should give other data. A 401 is not applicable here because the client is required to give a suitable Authorization header field which doesn't make any sense if you are trying to acquire a grant authentication. According to sections 10.4.1 and 10.4.2 of rfc 2616 (https://tools.ietf.org/html/rfc2616#section-10.4.1)
* | | | * changed "function definition" to "function signature" in two docstrings  jonathan vanasco  2018-09-20  2  -14/+21
| | | |     * fixed some formatting issues in `prepare_token_request` docstring
| | | |     * slightly altered `prepare_token_request` in handling nontruthy values for `client_secret`.
* | | | Merge branch 'fix-585_client_id' of github.com:jvanasco/oauthlib into fix-585_client_id  jonathan vanasco  2018-09-17  1  -0/+12
|\ \ \ \
| * \ \ \ Merge branch 'master' into fix-585_client_id  Jonathan Huot  2018-09-17  1  -0/+12
| |\ \ \ \
| | | |_|/
| | |/| |
| | * | | Merge branch 'master' into 431-customexception  Jonathan Huot  2018-09-15  11  -108/+300
| | |\ \ \
| | * | | | Fixed py27/pypy support  Jonathan Huot  2018-09-10  1  -1/+1
| | | | | |
| | * | | | Add support of custom errors coming from providers  Jonathan Huot  2018-09-10  1  -0/+12
| | | | | |     Fix #431. The inherent function "raise_from_error" is called when "error=" is found in the payload. So it MUST raise something, and until now, only RFC errors were raised.
* | | | | | migrated `include_client_id` to `prepare_request_token`  jonathan vanasco  2018-09-17  5  -11/+70
|/ / / / /
* | | | | * added support for empty strings of `client_secret`  jonathan vanasco  2018-09-17  2  -0/+12
| | | | |     * added LegacyApplicationClient tests to ensure the grant supports a variety of allowed methods
* | | | | standardized some test values  jonathan vanasco  2018-09-14  1  -1/+1
| | | | |     integrated against requests_oauthlib idea
* | | | | * addressing ticket #585  jonathan vanasco  2018-09-13  6  -15/+42
| |/ / /
|/| | |
| | | |     * `prepare_request_body` client_id is deprecated in favor of include_client_id
| | | |     * a new unit test `test_prepare_request_body` is added to ensure conformity of several use cases
| | | |     * the docstrings for the `body` param have been consolidated and standardized across multiple functions linked to `prepare_request_body` for clarity
* | | | fixed spacing  jonathan vanasco  2018-09-11  1  -1/+1
| | | |
* | | | cleanup on docs fixes  jonathan vanasco  2018-09-11  11  -44/+53
| | | |
* | | | redid the docstring fixes  jonathan vanasco  2018-09-10  9  -82/+265
|/ / /
* | | Merge branch 'master' into master  Jonathan Huot  2018-09-07  2  -13/+11
|\ \ \
| * | | Make scope optional for authorization code grant.  Theron Luhn  2018-09-02  1  -12/+0
| | | |
| * | | Merge branch 'master' into 445_confirm_redirect [445_confirm_redirect]  Jonathan Huot  2018-08-20  1  -1/+0
| |\ \ \
| | * | | client_id is not passed to save_bearer_token [234-fixdoc]  Jonathan Huot  2018-08-16  1  -1/+0
| | | |/
| | |/|
| * | | Merge branch 'master' into 445_confirm_redirect  Jonathan Huot  2018-08-15  2  -0/+6
| |\ \ \
| | |/ /
| * | | Call get_default_redirect_uri if no redirect_uri in token req  Jonathan Huot  2018-07-30  1  -0/+11
| | |/
| |/|
* | | Merge branch 'master' into master  Jonathan Huot  2018-08-12  2  -0/+6
|\ \ \
| | |/
| |/|