-
Notifications
You must be signed in to change notification settings - Fork 368
Comparing changes
Open a pull request
base repository: ory/fosite
base: v0.27.0
head repository: ory/fosite
compare: master
Commits on Nov 3, 2018
-
oauth2: Improve refresh security and reliability (#332)
This patch resolves several issues regarding the refresh flow. First, an issue has been resolved which caused the audience to not be set in the refreshed access tokens. Second, scope and audience are validated against the client's whitelisted values and if the values are no longer allowed, the grant is canceled. Closes #331 Closes #325 Closes #324
Configuration menu - View commit details
-
Copy full SHA for 4e4121b - Browse repository at this point
Copy the full SHA 4e4121bView commit details
Commits on Nov 7, 2018
-
pkce: Allow hybrid flows (#328)
Signed-off-by: Adam Shannon <adamkshannon@gmail.com> Signed-off-by: Wenhao Ni <niwenhao@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for cdfddc8 - Browse repository at this point
Copy the full SHA cdfddc8View commit details
Commits on Nov 8, 2018
-
oauth2: Set exp for authorize code issued by hybrid flow (#333)
Signed-off-by: nerocrux <nerocrux@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for d275e84 - Browse repository at this point
Copy the full SHA d275e84View commit details
Commits on Nov 12, 2018
-
introspect: Omit exp if ExpiresAt is zero value (#334)
Signed-off-by: nerocrux <nerocrux@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 6d50176 - Browse repository at this point
Copy the full SHA 6d50176View commit details -
- replace NewMemoryStore with NewExampleStore - fix length of signing key - fix config type Signed-off-by: Peter Schultz <peter.schultz@classmarkets.com>
Configuration menu - View commit details
-
Copy full SHA for 25cc6c4 - Browse repository at this point
Copy the full SHA 25cc6c4View commit details
Commits on Nov 16, 2018
-
oauth2: Add ability to specify refresh token lifespan (#337)
Set it to `-1` to disable this feature. Defaults to 30 days. Closes #319 Signed-off-by: arekkas <aeneas@ory.am>
Configuration menu - View commit details
-
Copy full SHA for fa65408 - Browse repository at this point
Copy the full SHA fa65408View commit details
Commits on Nov 29, 2018
-
Remove cryptopasta dependency (#339)
Signed-off-by: nerocrux <nerocrux@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for b156e6b - Browse repository at this point
Copy the full SHA b156e6bView commit details
Commits on Dec 4, 2018
-
compose: Expose token entropy setting (#342)
Signed-off-by: nerocrux <nerocrux@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 0761fca - Browse repository at this point
Copy the full SHA 0761fcaView commit details
Commits on Dec 23, 2018
-
oauth2: Don't double encode URL fragments (#346)
Closes #345 Signed-off-by: Grigoriev, Nikolai <nikolai.grigoriev@nuance.com>
Configuration menu - View commit details
-
Copy full SHA for 1f41934 - Browse repository at this point
Copy the full SHA 1f41934View commit details -
storage: adds new interface
Transactional
which is to be implemente……d by storage providers that can support transactions. Signed-off-by: Amir Aslaminejad <aslaminejad@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for c364b33 - Browse repository at this point
Copy the full SHA c364b33View commit details -
oauth2: use transactions in the refresh token flow (if the storage im…
…plementation implements the `Transactional` interface) to address #309 Signed-off-by: Amir Aslaminejad <aslaminejad@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 07d1a39 - Browse repository at this point
Copy the full SHA 07d1a39View commit details -
internal: add mock for storage.Transactional + update generate-mocks.sh
Signed-off-by: Amir Aslaminejad <aslaminejad@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 03f7bc8 - Browse repository at this point
Copy the full SHA 03f7bc8View commit details -
oauth2: add test coverage to exercise the transactional support in th…
…e RefreshTokenGrantHandler's PopulateTokenEndpointResponse method. Signed-off-by: Amir Aslaminejad <aslaminejad@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for b38d7c8 - Browse repository at this point
Copy the full SHA b38d7c8View commit details -
oauth2: use transactions in the auth code token flow (if the storage …
…implementation implements the `Transactional` interface) to address #309 Signed-off-by: Amir Aslaminejad <aslaminejad@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for e00c567 - Browse repository at this point
Copy the full SHA e00c567View commit details -
oauth2: add test coverage to exercise the transactional support in th…
…e AuthorizeExplicitGrantHandler's PopulateTokenEndpointResponse method. Signed-off-by: Amir Aslaminejad <aslaminejad@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 2f58f9e - Browse repository at this point
Copy the full SHA 2f58f9eView commit details
Commits on Feb 7, 2019
-
doc: Update HISTORY.md, README.md, CONTRIBUTING.md (#347)
* README: Breaks out `0.26.0` as was stuck inside a code block. * README: Ensures the later versions formats code blocks as Go code. * Runs doctoc to ensure TOCs are up to date. Signed-off-by: Matthew Hartstonge <matt@mykro.co.nz>
Configuration menu - View commit details
-
Copy full SHA for de5e61e - Browse repository at this point
Copy the full SHA de5e61eView commit details
Commits on Feb 18, 2019
-
errors: Remove useless details fn receiver (#349)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for af403c6 - Browse repository at this point
Copy the full SHA af403c6View commit details
Commits on Mar 18, 2019
-
example: Propagate session data properly (#353)
This example is slightly inaccurate; the session data will need to come from the returned AccessRequester, not the pre-created session. The session passed to IntrospectToken isn't mutated. Signed-off-by: David Ashby <delta.mu.alpha@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 5ba0f04 - Browse repository at this point
Copy the full SHA 5ba0f04View commit details
Commits on Mar 27, 2019
-
token: Improve rotated secret error reporting in HMAC strategy (#354)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for f21d930 - Browse repository at this point
Copy the full SHA f21d930View commit details
Commits on Apr 11, 2019
-
Allow providing a custom redirect URI checker (#355)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 3d16e39 - Browse repository at this point
Copy the full SHA 3d16e39View commit details
Commits on Apr 17, 2019
-
Improve IsRedirectURISecure check
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for d6f8962 - Browse repository at this point
Copy the full SHA d6f8962View commit details -
Configuration menu - View commit details
-
Copy full SHA for a95ea09 - Browse repository at this point
Copy the full SHA a95ea09View commit details
Commits on Apr 25, 2019
-
core: Add debug log to invalid_client error(#358)
Signed-off-by: nerocrux <nerocrux@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for dce3111 - Browse repository at this point
Copy the full SHA dce3111View commit details
Commits on Apr 26, 2019
-
openid: Allow promp=none for https/localhost (#359)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 27bbe00 - Browse repository at this point
Copy the full SHA 27bbe00View commit details
Commits on May 15, 2019
-
docs: Updates issue and pull request templates (#361)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 35157e2 - Browse repository at this point
Copy the full SHA 35157e2View commit details
Commits on May 21, 2019
-
docs: Fix method/struct documents (#360)
Signed-off-by: budougumi0617 <budougumi0617@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ad06f22 - Browse repository at this point
Copy the full SHA ad06f22View commit details
Commits on May 23, 2019
-
docs: Updates issue and pull request templates (#365)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 90a3c50 - Browse repository at this point
Copy the full SHA 90a3c50View commit details -
docs: Updates issue and pull request templates (#366)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 27c64ec - Browse repository at this point
Copy the full SHA 27c64ecView commit details -
docs: Updates issue and pull request templates (#367)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 01cd955 - Browse repository at this point
Copy the full SHA 01cd955View commit details
Commits on Jul 2, 2019
-
Configuration menu - View commit details
-
Copy full SHA for 1b7b479 - Browse repository at this point
Copy the full SHA 1b7b479View commit details
Commits on Jul 23, 2019
-
docs: Updates issue and pull request templates (#373)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 5962474 - Browse repository at this point
Copy the full SHA 5962474View commit details
Commits on Aug 5, 2019
-
docs: Updates issue and pull request templates (#374)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 9f7cf40 - Browse repository at this point
Copy the full SHA 9f7cf40View commit details
Commits on Aug 6, 2019
-
Configuration menu - View commit details
-
Copy full SHA for 7219387 - Browse repository at this point
Copy the full SHA 7219387View commit details
Commits on Aug 9, 2019
-
docs: Updates issue and pull request templates (#376)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 165e93e - Browse repository at this point
Copy the full SHA 165e93eView commit details -
docs: Updates issue and pull request templates (#377)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 40590cb - Browse repository at this point
Copy the full SHA 40590cbView commit details
Commits on Aug 11, 2019
-
docs: Updates issue and pull request templates (#378)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 54426bb - Browse repository at this point
Copy the full SHA 54426bbView commit details
Commits on Aug 29, 2019
-
handler/revoke: respecting ErrInvalidRequest code (#380)
This commit modifies the case for ErrInvalidRequest in WriteRevocationResponse to respect the 400 error code and not fallthrough to ErrInvalidClient. Author: DefinitelyNotAGoat <baldrich@protonmail.com>
Configuration menu - View commit details
-
Copy full SHA for cc34bfb - Browse repository at this point
Copy the full SHA cc34bfbView commit details
Commits on Sep 16, 2019
-
Add RefreshTokenScopes Config (#371)
When set to true, this will return refresh tokens even if the user did not ask for the offline or offline_access Oauth Scope.
Configuration menu - View commit details
-
Copy full SHA for bcc7859 - Browse repository at this point
Copy the full SHA bcc7859View commit details -
Configuration menu - View commit details
-
Copy full SHA for e21830e - Browse repository at this point
Copy the full SHA e21830eView commit details
Commits on Sep 23, 2019
-
Configuration menu - View commit details
-
Copy full SHA for 024667a - Browse repository at this point
Copy the full SHA 024667aView commit details
Commits on Oct 28, 2019
-
Configuration menu - View commit details
-
Copy full SHA for 40a49f7 - Browse repository at this point
Copy the full SHA 40a49f7View commit details
Commits on Nov 21, 2019
-
Configuration menu - View commit details
-
Copy full SHA for 3ece795 - Browse repository at this point
Copy the full SHA 3ece795View commit details
Commits on Jan 20, 2020
-
docs: Updates issue and pull request templates (#393)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for cdefb3e - Browse repository at this point
Copy the full SHA cdefb3eView commit details
Commits on Feb 2, 2020
-
docs: Updates issue and pull request templates (#394)
Signed-off-by: aeneasr <aeneas@ory.sh>
Configuration menu - View commit details
-
Copy full SHA for 119e6ab - Browse repository at this point
Copy the full SHA 119e6abView commit details
Commits on Feb 20, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 387cade - Browse repository at this point
Copy the full SHA 387cadeView commit details
Commits on Mar 2, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 67c081c - Browse repository at this point
Copy the full SHA 67c081cView commit details
Commits on Mar 3, 2020
-
feat: Add ExactOne and MatchesExact to Arguments (#399)
Previously Arguments.Exact had vague semantic where it coudln't distinguish between value with a space and multiple values. Split it into 2 functions with clear semantic. Old .Exact() remains for compatibility and marked as deprecated
Configuration menu - View commit details
-
Copy full SHA for cf23400 - Browse repository at this point
Copy the full SHA cf23400View commit details
Commits on Mar 4, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 4104135 - Browse repository at this point
Copy the full SHA 4104135View commit details
Commits on Mar 17, 2020
-
Configuration menu - View commit details
-
Copy full SHA for f99bb80 - Browse repository at this point
Copy the full SHA f99bb80View commit details
Commits on Mar 25, 2020
-
fix: handle concurrent transactional errors in the refresh token gran…
…t handler (#402) This commit provides the functionality required to address ory/hydra#1719 & ory/hydra#1735 by adding error checking to the RefreshTokenGrantHandler's PopulateTokenEndpointResponse method so it can deal with errors due to concurrent access. This will allow the authorization server to render a better error to the user-agent. No longer returns fosite.ErrServerError in the event the storage. Instead a wrapped fosite.ErrNotFound is returned when fetching the refresh token fails due to it no longer being present. This scenario is caused when the user sends two or more request to refresh using the same token and one request gets into the handler just after the prior request finished and successfully committed its transaction. Adds unit test coverage for transaction error handling logic added to the RefreshTokenGrantHandler's PopulateTokenEndpointResponse method
Configuration menu - View commit details
-
Copy full SHA for b17190b - Browse repository at this point
Copy the full SHA b17190bView commit details
There are no files selected for viewing
This file was deleted.