path: root/oauthlib
Commit message (Author, Age, Files, Lines)
* Merge branch 'master' into oidc-userinfo [oidc-userinfo] (Jonathan Huot, 2019-08-01, 2, -2/+35)
|\
| * add HMAC-SHA256 signature validation (Hamish Moffatt, 2019-07-25, 2, -2/+35)
| |
* | Merge branch 'master' into oidc-userinfo (Jonathan Huot, 2019-07-19, 1, -1/+1)
|\ \
| |/
| * Bump version (Jonathan Huot, 2019-07-19, 1, -1/+1)
| |
| * Merge branch 'master' into release-3.0.2 [release-3.0.2] (Jonathan Huot, 2019-07-19, 22, -278/+375)
| |\
| * | Bump version [v3.0.2] (Jonathan Huot, 2019-07-04, 1, -1/+1)
| | |
| * | OIDC: Raise error=invalid_request when nonce is mandatory (Jonathan Huot, 2019-07-04, 3, -25/+46)
| | |     Until now, only OIDC implicit was raising an error, but OIDC hybrid contains a couple of mandatory nonces, too.
| | |
| * | Change to 3.0.2-dev as long as master is in "dev" (Jonathan Huot, 2019-07-04, 1, -1/+1)
| | |
| * | Add clarity to the deprecation warning (Jonathan Huot, 2019-07-04, 1, -2/+2)
| | |
| * | Fix 652: removed "state" from /token response. (Jonathan Huot, 2019-07-04, 9, -19/+27)
| | |     Fix OIDC /token flow where &state=None was always returned, and fix OAuth2.0 /token flow where &state=foobar was returned if &state=foobar was present in the token request.
| | |     Remove "save_token" from create_token() signature cuz it was not used internally. Deprecated the option to let upstream libraries have a chance to remove it, if ever used.
| | |
* | | Merge branch 'master' into oidc-userinfo (Jonathan Huot, 2019-07-04, 6, -7/+55)
|\ \ \
| | |/
| |/|
| * | Merge branch 'master' into 672-fix-null-expires-in (Jonathan Huot, 2019-07-04, 1, -0/+1)
| |\ \
| | * | Fix BackendApplicationClient.prepare_request_body (qporest, 2019-07-02, 1, -0/+1)
| | | |     Currently, if no `scope` is passed to `prepare_request_body`, None will be passed on to `prepare_token_request`, even if BackendApplicationClient was initialized with `scope`.
| | | |
| * | | Merge branch 'master' into 672-fix-null-expires-in (Omer Katz, 2019-06-29, 13, -22/+245)
| |\ \ \
| | |/ /
| | * | Check for authorization response errors (Mark Gregson, 2019-06-06, 1, -3/+6)
| | | |
| | * | Enforce POST HTTP method on TokenEndpoint, IntrospectEndpoint and RevocationEndpoint (Abhishek Patel, 2019-05-14, 4, -2/+28)
| | | |     - Add validation checks for HTTP method in TokenEndpoint, IntrospectEndpoint and RevocationEndpoint.
| | | |     - CHANGE DEFAULT HTTP method for TokenEndpoint from 'GET' to 'POST'.
| | | |     - Add tests + Fix an old test in . It used to send query params to TokenEndpoint which is not allowed anymore. Fixed it so payload is sent as POST body.
| | | |
| | * | Ban all query parameters on Introspection, Token and Revocation endpoint (Abhishek Patel, 2019-05-14, 1, -8/+4)
| | | |
| | * | Add tests + create a global variable for blacklisted query parameters (Abhishek Patel, 2019-05-14, 1, -7/+9)
| | | |
| | * | Add validation check for presence of forbidden query parameters in OAuth2 TokenEndpoint, IntrospectionEndpoint and RevocationEndpoint (Abhishek Patel, 2019-05-14, 4, -1/+18)
| | | |
| * | | Handle null value in expires_in field in JSON handler (Josh Holmer, 2019-04-30, 1, -1/+4)
| | | |     Closes #672
| | | |
* | | | Add UserInfoEndpoint to the OIDC Provider support. (Jonathan Huot, 2019-05-13, 5, -1/+149)
| | | |
* | | | Removed duplicated code for oauth2.BaseEndpoint (Jonathan Huot, 2019-05-13, 1, -48/+2)
| |/ /
|/| |
* | | Merge branch 'master' into 670-pkce-requestinfo (Jonathan Huot, 2019-05-07, 7, -16/+192)
|\ \ \
| * \ \ Merge branch 'master' into patch-1 (Jonathan Huot, 2019-05-07, 6, -14/+190)
| |\ \ \
| | * \ \ Merge branch 'master' into oidc-hashes [oidc-hashes] (Jonathan Huot, 2019-05-06, 1, -2/+2)
| | |\ \ \
| | | * | | Add case-insensitive headers to oauth1 BaseEndpoint (Jordan Gardner, 2019-05-01, 1, -2/+2)
| | | |/ /
| | * | | Removed wrong assumption from copy/paste of get_autho.._scopes. (Jonathan Huot, 2019-04-29, 1, -3/+2)
| | | | |     This function should always have a good client_id and redirect_uri, because it is called after validate_token_request()
| | | | |
| | * | | Fix typo gave/have (Jonathan Huot, 2019-04-29, 1, -2/+2)
| | | | |
| | * | | Fix docstring about return value (Jonathan Huot, 2019-04-29, 1, -1/+1)
| | | | |
| | * | | Merge branch 'master' into oidc-hashes (Jonathan Huot, 2019-04-26, 2, -0/+20)
| | |\ \ \
| | | |/ /
| | * | | Merge branch 'master' into oidc-hashes (Jonathan Huot, 2019-04-23, 4, -35/+35)
| | |\ \ \
| | * | | | Python2.7 compatible (Jonathan Huot, 2019-03-26, 1, -2/+2)
| | | | | |
| | * | | | Add unittests for OIDC GrantTypeBase. (Jonathan Huot, 2019-03-26, 1, -3/+3)
| | | | | |     Rename hash_id_token into id_token_hash
| | | | | |
| | * | | | Use native operator instead of type conversion (Jonathan Huot, 2019-03-26, 1, -1/+1)
| | | | | |
| | * | | | Renamed fill into finalize to add clarity (Jonathan Huot, 2019-03-26, 2, -5/+5)
| | | | | |
| | * | | | Merge branch 'master' into oidc-hashes (Jonathan Huot, 2019-03-05, 1, -1/+1)
| | |\ \ \ \
| | * | | | | Change to 3.0.2-dev as long as master is in "dev" (Jonathan Huot, 2019-03-05, 1, -1/+1)
| | | | | | |
| | * | | | | Add c_hash. Add summary about when nonce/hashes are added to id_token (Jonathan Huot, 2019-02-28, 1, -0/+29)
| | | | | | |
| | * | | | | Add technical fields of `id_token` in oauthlib OIDC support (Jonathan Huot, 2019-02-28, 5, -9/+157)
| | | | | | |     A new RequestValidator `fill_id_token` has been introduced to replace `get_id_token`. It aims to have the bare minimum amount of fields to complete a full OIDC id_token support.
| | | | | | |     `get_id_token` is still valid but optional, and if it is implemented, `fill_id_token` will not be called.
| | | | | | |     The current `fill_id_token` came with full support of `aud`, `iat`, `nonce`, `at_hash` and `c_hash`. More could come in the future e.g. `auth_time`, ...
| | | | | | |
| | * | | | | Removed duplicated OIDC members in OAuth2.RequestValidator (Jonathan Huot, 2019-02-28, 2, -182/+1)
| | | | | | |
| * | | | | | token_type should be case insensitive (ume, 2019-05-01, 1, -2/+2)
| | |_|_|/ /
| |/| | | |
* | | | | | Fix 670. AuthCode API must return the new PKCE attribute [670-pkce-requestinfo] (Jonathan Huot, 2019-04-26, 1, -0/+3)
|/ / / / /
* | | | | refactor to get_debug (Abhishek Patel, 2019-04-23, 2, -3/+3)
| | | | |     - Oauthlib's debug mode can be checked with method
| | | | |
* | | | | add doc (Abhishek Patel, 2019-04-21, 1, -0/+8)
| | | | |
* | | | | Add method to get/set debug flag (Abhishek Patel, 2019-04-21, 2, -0/+12)
| | | | |     - By default debug mode is always off
| | | | |     - Debug mode turned on automatically for tests
| | | | |     - Complete requests sanitized in non debug mode
| |_|/ /
|/| | |
* | | | fix include_client_id argument (Arjan Keeman, 2019-04-01, 4, -35/+35)
| |/ /
|/| |
* | | Merge branch 'master' into oidc-reqval-duplicate [oidc-reqval-duplicate] (Jonathan Huot, 2019-03-04, 1, -1/+1)
|\ \ \
| * | | Combine multiple isinstance() calls to one (Jon Dufresne, 2019-03-02, 1, -1/+1)
| | | |
* | | | Removed duplicated OIDC members in OAuth2.RequestValidator (Jonathan Huot, 2019-02-28, 2, -182/+1)
|/ / /
* | | Merge branch 'master' into oidc-nonce [oidc-nonce] (Jonathan Huot, 2019-02-27, 1, -1/+1)
|\ \ \
| |/ /
|/| |