Skip to content

Fix non rotating refresh tokens #145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 39 commits into from
Jan 7, 2015
Merged

Fix non rotating refresh tokens #145

merged 39 commits into from
Jan 7, 2015

Conversation

zuzelvp
Copy link
Contributor

@zuzelvp zuzelvp commented Aug 29, 2014

Related to #138

lawik and others added 30 commits March 10, 2014 10:13
@lawik
#111: Custom URIValidator allows non-dotted hostnames and custom sche…
c6f7c20 
…mes.
@davidfischer-ch
Fix -> Using ModelFormMixin (base class of ApplicationUpdate) without…
5a88e7b 
… the fields attribute is prohibited.
@masci
Merge pull request #118 from waveaccounting/master
e78f93e 
Adds indexes to the OAuth2 related models.
@masci
bumped version to 0.7.1
b1af2b8
@masci
changelog
e8f8c70
@masci
added ashchristopher to the authors file
054c3ef
more flexible for related name of user field in AbstractApplication m…
fc7b99a 
…odel
@masci
Merge pull request #116 from davidfischer-ch/master
0c53660 
ModelFormMixin (base class of ApplicationUpdate) without the fields attribute is prohibited.
@masci
Merge pull request #119 from variable/related_name_fix
324cd9c 
more flexible for related name of user field in AbstractApplication model
@davecap
integrate token revocation flow
5c60bb3
@synasius
remove pin to oauthlib 0.6.1
5a63bab
@synasius
Bumped version 0.7.2 and changelog updated
ee1cbc3
@synasius
Merge branch 'fix-oauthlib-pinned-version'
5a0dd65
@synasius
Fixed tests to work with the latest ouathlib version
a63e63d
@synasius
Update requirements
6fcd01a
@masci
added builds for django 1.7
4f3f99e
@masci
make tests compatible through 1.4-1.7
480b447
@masci
Merge branch 'master' of https://github.com/lawik/django-oauth-toolkit
190b6de
@palazzem
configurable generated secret length
29fdeba
@masci
specialize URIValidator to validate redirect URIs
d00ed44
@masci
Merge branch 'master' of github.com:evonove/django-oauth-toolkit
aa798df
@synasius
Add assertion to ensure that request has a client attr on _load_appli…
c3ffc81 
…cation
@synasius
Merge branch 'revoke-keys' of github.com:solvebio/django-oauth-toolki…
da56a7b 
…t into davecap-revoke-keys
@palazzem
example app with python 3.4.1
17641fa
@palazzem
updated example requirements
f05bf48
@palazzem
upgrading bootstrap 3 and fontawesome 4
5505205
@palazzem
migrate bootstrap base template
12a1ca2
@palazzem
added context processor for dot version
52e6658
@palazzem
footer on all pages
157d195
@palazzem
upgrading bootstrap for all playground templates
19775ee
@coveralls
Copy link

Coverage Status

Coverage remained the same when pulling ff7cccf on waveaccounting:DEP-368-fix-permanent-refresh-tokens into e983442 on evonove:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-0.08%) when pulling 3437f07 on waveaccounting:DEP-368-fix-permanent-refresh-tokens into e983442 on evonove:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-0.03%) when pulling 3437f07 on waveaccounting:DEP-368-fix-permanent-refresh-tokens into e983442 on evonove:master.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.12%) when pulling 1f85558 on waveaccounting:DEP-368-fix-permanent-refresh-tokens into e983442 on evonove:master.

@conradev
Copy link
Contributor

@zuzelvp, While the refresh token is deleted here, isn't the same one immediately created right after here?

OAuthLib is the library that determines the new refresh token.

@zuzelvp
Copy link
Contributor Author

zuzelvp commented Aug 29, 2014

@conradev yes, I noticed after posting and deleted my previous comment ;)

@zuzelvp
Copy link
Contributor Author

zuzelvp commented Aug 29, 2014

@conradev FYI I am cool with either solution (i.e., removing the line that changes request.refresh_token or restoring it later). Feel free to reuse the tests on your pull request.

@zuzelvp zuzelvp changed the title WIP Fix non rotating refresh tokens Fix non rotating refresh tokens Sep 2, 2014
@masci masci added this to the 0.8.0 milestone Dec 15, 2014
@masci masci merged commit 1f85558 into django-oauth:master Jan 7, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.8.0

Development

Successfully merging this pull request may close these issues.

10 participants

@zuzelvp @coveralls @conradev @jarcoal @masci @lawik @davidfischer-ch @davecap @synasius @palazzem