Jonne Haß
0aba20f85c
OpenID Connect: ensure consistent issuer URL
...
root_url does not know the right protocol in all contexts;
some clients are strict when validating this.
2020-10-24 22:30:43 +02:00
Jonne Haß
0935451cd8
Return a default token_endpoint_auth_method when the client gives none in its OpenID Connect registration request
...
Since we announce it in the supported metadata, some clients expect to be told what to use and don't fall back to the spec standard of
client_secret_basic on their own.
2020-01-24 11:02:02 +01:00
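The two commits above ("ensure consistent issuer URL" and "Return a default token_endpoint_auth_method") describe how an OpenID Provider's metadata has to line up with what strict clients check. The following Ruby is an added illustration, not diaspora*'s own code: the issuer comes from a deployment setting (assumed name CONFIGURED_ISSUER) instead of being rebuilt from the incoming request, discovery announces the supported auth methods, and registration fills in the Dynamic Client Registration default of client_secret_basic when a client omits the field. Endpoint paths other than the user_info one named in this log are illustrative.

```ruby
require "json"
require "securerandom"

# Added example, not the project's code. CONFIGURED_ISSUER is an assumed
# deployment setting; the OP must announce exactly this string as "issuer"
# and use it as the "iss" claim of every ID Token it mints.
CONFIGURED_ISSUER = "https://pod.example".freeze
SUPPORTED_AUTH_METHODS = %w[client_secret_basic client_secret_post private_key_jwt].freeze

# What a request-derived issuer looks like: behind a TLS-terminating proxy
# the app may see scheme "http", so this value drifts from what discovery
# announced. This is the failure mode the issuer commit fixes.
def issuer_from_request(scheme:, host:)
  "#{scheme}://#{host}"
end

def discovery_document
  {
    "issuer" => CONFIGURED_ISSUER,
    "userinfo_endpoint" => "#{CONFIGURED_ISSUER}/api/openid_connect/user_info",
    "registration_endpoint" => "#{CONFIGURED_ISSUER}/api/openid_connect/clients",
    "token_endpoint_auth_methods_supported" => SUPPORTED_AUTH_METHODS
  }
end

# RP-side check (OIDC Core 1.0 section 3.1.3.7): the ID Token's iss must be
# identical to the discovered issuer; no normalisation of scheme, case or
# trailing slash is permitted.
def issuer_matches?(discovered_issuer, id_token_iss)
  discovered_issuer == id_token_iss
end

class RegistrationError < StandardError; end

# Handle a Dynamic Client Registration body and return the metadata the OP
# stores and echoes back. An omitted (or null) token_endpoint_auth_method
# gets the spec default client_secret_basic, so the response always tells
# the client which method to use.
def register_client(json_body)
  req = JSON.parse(json_body)
  uris = req["redirect_uris"]
  raise RegistrationError, "redirect_uris is required" unless uris.is_a?(Array) && !uris.empty?

  method = req["token_endpoint_auth_method"] || "client_secret_basic"
  unless SUPPORTED_AUTH_METHODS.include?(method)
    raise RegistrationError, "unsupported token_endpoint_auth_method: #{method}"
  end
  if method == "private_key_jwt" && !(req.key?("jwks") || req.key?("jwks_uri"))
    raise RegistrationError, "private_key_jwt requires jwks or jwks_uri"
  end

  client = {
    "client_id" => SecureRandom.hex(16),
    "client_name" => req["client_name"],          # optional, may be nil
    "redirect_uris" => uris,
    "token_endpoint_auth_method" => method         # always present in the response
  }
  # A shared secret only makes sense for the client_secret_* methods; a
  # private_key_jwt client authenticates with its registered keys.
  client["client_secret"] = SecureRandom.hex(32) if method.start_with?("client_secret_")
  client.compact
end
```

The strictness shown in issuer_matches? is why guessing the scheme from the request is not good enough: a pod reached through an HTTPS proxy but seen internally over HTTP would announce one issuer in discovery and sign ID Tokens with another, and a conforming RP rejects the token.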
Hank Grabowski
e127502be5
API Branch Final Cleanup Before PR
2018-12-30 22:33:04 +01:00
Hank Grabowski
9c730fc0f3
OpenID Scopes and Security updates
2018-12-30 22:33:04 +01:00
Benjamin Neff
6fb1e1f524
Bump jwt
2018-11-17 21:05:42 +01:00
Benjamin Neff
de5e22a543
Bump faraday
2018-11-17 21:04:37 +01:00
Benjamin Neff
cd30a2814d
Bump json-jwt and openid_connect
...
Fixes CVE-2018-1000539
2018-09-05 03:18:59 +02:00
Benjamin Neff
b8094544a0
Bump faraday
2018-04-12 02:41:54 +02:00
Benjamin Neff
e82690963d
Add # frozen_string_literal: true to all files
2017-09-17 19:29:15 +02:00
Benjamin Neff
385ab76077
Refactor OpenID specs to prevent duplicate client names
2017-08-12 15:39:24 +02:00
Benjamin Neff
2a6515fab9
Add params keyword to controller specs
2017-08-12 15:39:23 +02:00
Benjamin Neff
4f9e560ab3
Use RFC 7033 webfinger from diaspora_federation gem
2017-07-03 03:14:41 +02:00
Steffen van Bergerem
612455d41f
Bump faraday and twitter
...
closes #7348
2017-03-04 22:10:23 +01:00
cmrd Senya
31a31ecbe1
pass "state" parameter back to openid client
2016-12-01 03:16:50 +01:00
Justin Ramos
fa71af71c1
require spec_helper in .rspec
...
closes #7223
2016-11-27 21:27:12 +01:00
cmrd Senya
cdcf2d747e
Override forgery settings in controllers
...
ClientsController and TokenEndpointController are called from the outside,
so CSRF verification prevents them from normal operation.
closes #7062
2016-10-01 10:24:15 +02:00
cmrd Senya
4ae26e1ded
Upgrade devise to 4.2
2016-08-11 12:25:36 +03:00
theworldbright
bb3849e4b1
Fix API privilege scope escalation
2016-03-11 17:18:21 -08:00
theworldbright
b09ee87912
Update json-jwt legacy methods
2016-01-04 17:01:41 +09:00
theworldbright
58aef5658b
Fix remaining remarks
2016-01-04 17:01:40 +09:00
theworldbright
ed1dc256a8
Fix handling of error message in authorization controller
2016-01-04 16:49:58 +09:00
theworldbright
10938404e9
Fix HTTP request test mocks
2016-01-04 16:49:57 +09:00
theworldbright
c6bec2f2dc
Return error to RP instead of user for prompt=none
2016-01-04 16:49:57 +09:00
theworldbright
9fc8c63cae
Fix hash styles for stub_request
2016-01-04 16:49:57 +09:00
theworldbright
f1b394de0f
Fix remaining remarks
2016-01-04 16:49:57 +09:00
theworldbright
2f8c391ac6
Fix pronto and travis errors
2016-01-04 16:49:57 +09:00
theworldbright
0fbcb71255
Add support for request_uri and claims
2016-01-04 16:49:56 +09:00
theworldbright
82600003b3
Flash error messages when redirect_uri is invalid
2016-01-04 16:49:56 +09:00
theworldbright
adcf2ab7ab
Fix test for prompt == "none"
2016-01-04 16:49:56 +09:00
augier
d351db1982
Filter for prompt handling
2016-01-04 16:49:56 +09:00
augier
7b2be0d3c6
Support displaying TOS and policy
2016-01-04 16:49:56 +09:00
augier
6fcb9a9d3a
Add XSS spec for application's name
2016-01-04 16:49:56 +09:00
augier
2c7d102019
Design for authorization page when client_name not provided + XSS spec
2016-01-04 16:49:55 +09:00
theworldbright
fd467cd42b
Add private_key_jwt support
...
See
- http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
- https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
2016-01-04 16:49:55 +09:00
theworldbright
1dcefdb998
Validate sector identifier uri and redirect uri
2016-01-04 16:49:55 +09:00
theworldbright
4be9f4d558
Make client name optional
2016-01-04 16:49:54 +09:00
augier
c33cce0953
Styling user consent form
2016-01-04 16:49:54 +09:00
theworldbright
1a7f2edc01
Perform major refactoring
...
- Add foreign_keys
- Remove unused classes/methods
- Fix pronto errors
- Add method to retrieve client id from name
- Remove TODO comments
- Fix unnecessary private key generation
2016-01-04 16:49:54 +09:00
theworldbright
e55a0b0d0b
Replace scopes with constants in Authorization
2016-01-04 16:49:54 +09:00
theworldbright
bb8fe6aa83
Adjust id token config to save private key to file
2016-01-04 16:49:53 +09:00
theworldbright
24fd70676c
Fix webfinger discovery route
2016-01-04 16:49:53 +09:00
theworldbright
ab65617958
Add support for max_age parameter
...
Additionally add support for prompt's login option
Signed-off-by: theworldbright <kent@kentshikama.com>
2016-01-04 16:49:53 +09:00
theworldbright
25f51c606a
Add support for prompt parameter
2016-01-04 16:49:53 +09:00
theworldbright
8be3be3e10
Refactor authorizations controller destroy action
2016-01-04 16:49:53 +09:00
theworldbright
6e1a673459
Replace let!() with factory girl
2016-01-04 16:49:52 +09:00
theworldbright
dd337d4163
Remove JSON root from client controller
...
Signed-off-by: theworldbright <kent@kentshikama.com>
2016-01-04 16:49:52 +09:00
theworldbright
65c40f236e
Load scopes from seeds
...
Signed-off-by: theworldbright <kent@kentshikama.com>
2016-01-04 16:49:51 +09:00
theworldbright
99d6d7b3e7
Add pairwise pseudonymous identifier support
...
Squashed commits:
[a182de7] Fix pronto/travis errors
2016-01-04 16:49:51 +09:00
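The commits "Validate sector identifier uri and redirect uri" and "Add pairwise pseudonymous identifier support" above together implement the pairwise subject scheme of OpenID Connect Core 1.0 section 8.1. The Ruby below is an added example of that mechanism, not the project's code: it derives a client's sector identifier from its redirect_uris (or from a sector_identifier_uri whose document must list every redirect URI), refuses registrations that cannot be tied to one sector, and computes a salted pairwise sub. The sector document fetch is replaced by a constructed in-memory table, and the salt value is an assumption.

```ruby
require "json"
require "uri"
require "digest"

# Added example, not the project's code.
class SectorIdentifierError < StandardError; end

# Constructed stand-in for an HTTPS GET of sector_identifier_uri. The real
# document is a JSON array of the client's redirect URIs.
SECTOR_DOCUMENTS = {
  "https://rp.example/sector.json" =>
    '["https://app1.rp.example/cb", "https://app2.rp.example/cb"]'
}.freeze

def fetch_sector_document(uri)
  SECTOR_DOCUMENTS.fetch(uri) { raise SectorIdentifierError, "cannot fetch #{uri}" }
end

# Returns the host that identifies the client's sector, or raises when the
# registration cannot be tied to exactly one sector. Without this check a
# client could register redirect URIs on several hosts and obtain the same
# sub that those hosts' own clients receive, linking the user across them.
def sector_identifier_for(redirect_uris:, sector_identifier_uri: nil)
  hosts = redirect_uris.map { |u| URI.parse(u).host&.downcase }
  raise SectorIdentifierError, "redirect_uris must be absolute URLs" if hosts.any?(&:nil?)

  if sector_identifier_uri
    sector = URI.parse(sector_identifier_uri)
    raise SectorIdentifierError, "sector_identifier_uri must use https" unless sector.scheme == "https"

    listed = JSON.parse(fetch_sector_document(sector_identifier_uri))
    missing = redirect_uris - listed
    unless missing.empty?
      raise SectorIdentifierError, "redirect_uris not listed at sector_identifier_uri: #{missing.join(', ')}"
    end
    sector.host.downcase
  else
    unless hosts.uniq.size == 1
      raise SectorIdentifierError, "redirect_uris span several hosts; register a sector_identifier_uri"
    end
    hosts.first
  end
end

# Per-deployment secret (assumed value). Without a salt, a sector that knows
# the construction could brute-force local account ids from the subs it sees.
PAIRWISE_SALT = "constructed-deployment-secret".freeze

# Pairwise sub: stable for one user at one sector, unlinkable across sectors.
# NUL separators keep the concatenation unambiguous.
def pairwise_sub(sector_identifier, local_account_id)
  Digest::SHA256.hexdigest([sector_identifier, local_account_id.to_s, PAIRWISE_SALT].join("\0"))
end
```

Because the sub is a keyed hash of (sector, local id), the OP must keep the salt and the mapping stable for the lifetime of the deployment; rotating the salt silently changes every client's subject and breaks their account links.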
theworldbright
d834a1d4d0
Replace user info endpoint with supported claims
...
The route /api/v0/user/ will now be used as a
non-OIDC route. In other words, the /api/v0/user/
will require the "read" scope while
/api/openid_connect/user_info/ will require the
"openid" scope
2016-01-04 16:49:51 +09:00
theworldbright
e5932968fd
Add support for authorization code flow
2016-01-04 16:49:51 +09:00