forked from oauthlib/oauthlib
Allow get bodies in 3.0.2. #1
Open
bryanhelmig wants to merge 209 commits into master from allow-get-bodies
Conversation
According to section 5.2 of RFC 6749 (https://tools.ietf.org/html/rfc6749#section-5.2), a server should respond with 400 in case of an invalid grant. The given grant is invalid and the client should give other data. A 401 is not applicable here because the client is required to give a suitable Authorization header field, which doesn't make any sense if you are trying to acquire a grant authentication. According to sections 10.4.1 and 10.4.2 of RFC 2616 (https://tools.ietf.org/html/rfc2616#section-10.4.1)
It is useful when using pdb from the command line.
Authorization Code was missing this check, whereas Implicit was checking it.
A confusion between JWT as a token and as an authentication mechanism was introduced a long time ago, and I tried to bring a bit of clarity so that newcomers are not confused again.
oauthlib#569: Implicit was not converting expires_in into integers
Extract common code into helpers
Remove unused 'requires' variable from setup.py
Neither used by Travis CI nor by tox.ini. The mock package was out of sync with requirements-tests.txt for Python 3 environments. Rather than maintain this duplicate, unused list of requirements just remove it.
Helps pip decide what version of the library to install.
https://packaging.python.org/guides/distributing-packages-using-setuptools/#python-requires
> If your project only runs on certain Python versions, setting the
> python_requires argument to the appropriate PEP 440 version specifier
> string will prevent pip from installing the project on other Python
> versions.
https://setuptools.readthedocs.io/en/latest/setuptools.html#new-and-changed-setup-keywords
> python_requires
>
> A string corresponding to a version specifier (as defined in PEP 440)
> for the Python version, used to specify the Requires-Python defined in
> PEP 345.
Fixes warning when running tests:
```
tests/oauth1/rfc5849/endpoints/test_base.py:63
  oauthlib/tests/oauth1/rfc5849/endpoints/test_base.py:63: DeprecationWarning: invalid escape sequence \d
    headers['Authorization'] = sub('timestamp="\d*k?"',
```
3.0.0 ChangeLog release
I fixed the missing graphviz output for web responses (see the image in oauthlib#639), and I have added a fixed rank (`rank=same`) when functions achieve an identical goal. E.g. `validate_client_id`, `validate_user`, `validate_bearer_token` are unique for each flow, or, e.g. `confirm_redirect_uri` and `validate_redirect_uri` together, and so on. ![graphviz-0cc58e8637b94d7402eda45a1fef6e68889bd8e1](https://user-images.githubusercontent.com/820496/50830407-042ad600-1348-11e9-936a-03d07f42494f.png)
…lib#645) Test Introspect, Revoke, Token (web, legacy, backend) endpoints with authenticate_client and HTTP Basic Auth.
Fix OIDC /token flow where &state=None was always returned, and fix OAuth2.0 /token flow where &state=foobar was returned if &state=foobar was present in the token request. Remove "save_token" from the create_token() signature because it was not used internally. Deprecated the option to give upstream libraries a chance to remove it, if ever used.
Does not have a purpose for the /token request
Until now, only OIDC implicit was raising an error, but OIDC hybrid contains a couple of mandatory nonces, too.
I hope this fixes the longstanding issue mentioned at oauthlib#582.
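Several of the commits above touch the same handful of rules: an invalid_grant answered with 400 rather than 401 (RFC 6749 section 5.2), expires_in coerced to an integer, no state parameter leaking into the /token response, and a mandatory nonce for the OIDC implicit and hybrid flows. The following is an added, self-contained illustration of those rules written for this page; it is not oauthlib's code, and the function names, the `Basic realm="oauth2"` challenge and the Bearer token type are assumptions chosen for the example.

```python
from urllib.parse import urlencode

# Error codes the token endpoint may return (RFC 6749 section 5.2).
TOKEN_ERRORS = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}

# response_type values for which OpenID Connect Core requires a nonce:
# the implicit flow (section 3.2.2.1) and the hybrid flow (section 3.3.2.11).
# Stored as frozensets because the order of the space-separated values is
# not significant.
NONCE_REQUIRED = {
    frozenset(rt.split())
    for rt in ("id_token", "id_token token",
               "code id_token", "code token", "code id_token token")
}

# Token responses carry credentials, so they must never be cached (section 5.1).
NO_CACHE_HEADERS = {
    "Content-Type": "application/json",
    "Cache-Control": "no-store",
    "Pragma": "no-cache",
}


def token_error_response(error, description=None, client_used_auth_header=False):
    """Return (status, headers, body) for a failed token request.

    Section 5.2: respond with 400 unless the error is invalid_client, for which
    401 may be used. A 401 is only meaningful when the client authenticated
    with an Authorization header, and then WWW-Authenticate must name that
    scheme. invalid_grant is therefore always a 400: the client supplied a bad
    grant, not bad client credentials.
    """
    if error not in TOKEN_ERRORS:
        raise ValueError("unknown token endpoint error: %r" % (error,))
    headers = dict(NO_CACHE_HEADERS)
    status = 400
    if error == "invalid_client" and client_used_auth_header:
        status = 401
        headers["WWW-Authenticate"] = 'Basic realm="oauth2"'  # realm is an assumption
    body = {"error": error}
    if description:
        body["error_description"] = description
    return status, headers, body


def token_success_response(access_token, expires_in, scope=None, refresh_token=None):
    """Return (status, headers, body) for a successful token request (section 5.1).

    expires_in is coerced to int so it serialises as a JSON number even when a
    validator handed back a string. No `state` is copied from the token request:
    it is an authorization-endpoint parameter and has no role on /token.
    """
    body = {
        "access_token": access_token,
        "token_type": "Bearer",  # assumed token type for the example
        "expires_in": int(expires_in),
    }
    if scope:
        body["scope"] = scope
    if refresh_token:
        body["refresh_token"] = refresh_token
    return 200, dict(NO_CACHE_HEADERS), body


def authorization_code_redirect(redirect_uri, code, request_state=None):
    """Section 4.1.2: the authorization response echoes `state` exactly when
    the authorization request carried one, and never the literal "None"."""
    params = {"code": code}
    if request_state is not None:
        params["state"] = request_state
    return "%s?%s" % (redirect_uri, urlencode(params))


def oidc_nonce_ok(response_type, nonce):
    """True unless the OIDC flow selected by response_type requires a nonce and
    the request did not carry one (implicit and every hybrid variant)."""
    if frozenset(response_type.split()) in NONCE_REQUIRED:
        return bool(nonce)
    return True


if __name__ == "__main__":
    print(token_error_response("invalid_grant", "authorization code expired"))
    print(token_error_response("invalid_client", client_used_auth_header=True))
    print(oidc_nonce_ok("code id_token", None))
```

The `client_used_auth_header` flag is the one piece of request context the status decision needs: without an Authorization header there is no scheme to challenge for, so a 401 would be unanswerable and 400 is the only sensible status, which is the point made in the first commit above.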
bryanhelmig force-pushed the allow-get-bodies branch from ae8c4ec to 06ab210 on March 5, 2020 18:22
Put cebcda8 into our version of 3.0.2.