diaspora

Author	SHA1	Message	Date
cmrd Senya	9546fddb9e	[API] don't store ID tokens in DB fix #6857	2016-08-13 20:09:43 +03:00
theworldbright	bb3849e4b1	Fix API privilege scope escalation	2016-03-11 17:18:21 -08:00
theworldbright	38439277d6	Add licenses where appropriate	2016-01-04 17:22:44 +09:00
theworldbright	58aef5658b	Fix remaining remarks	2016-01-04 17:01:40 +09:00
theworldbright	9f85a90f55	Update code_used to false after issues new code	2016-01-04 16:49:58 +09:00
theworldbright	773a5a67d9	Add default kid to ID token	2016-01-04 16:49:58 +09:00
theworldbright	f1b394de0f	Fix remaining remarks	2016-01-04 16:49:57 +09:00
augier	d028b5672e	Fix remarks	2016-01-04 16:49:57 +09:00
theworldbright	0fbcb71255	Add support for request_uri and claims	2016-01-04 16:49:56 +09:00
theworldbright	9c9880d880	Move JWKs files to database	2016-01-04 16:49:56 +09:00
theworldbright	da766d8e8b	Revoke previously issued tokens on duplicate request	2016-01-04 16:49:55 +09:00
theworldbright	fd467cd42b	Add private_key_jwt support See - http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication - https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata	2016-01-04 16:49:55 +09:00
theworldbright	1dcefdb998	Validate sector identifier uri and redirect uri	2016-01-04 16:49:55 +09:00
theworldbright	5f19d8ffe6	Add acr value	2016-01-04 16:49:55 +09:00
theworldbright	a76f51a6a5	Use redirect_uri if no sector identifier for ppid As according to http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg: "If the Client has not provided a value for sector_identifier_uri in Dynamic Client Registration [OpenID.Registration], the Sector Identifier used for pairwise identifier calculation is the host component of the registered redirect_uri."	2016-01-04 16:49:55 +09:00
theworldbright	4be9f4d558	Make client name optional	2016-01-04 16:49:54 +09:00
theworldbright	9439a16d98	Fix failing auth code test and styles	2016-01-04 16:49:54 +09:00
augier	8c2af74447	Fixing last remarks	2016-01-04 16:49:54 +09:00
augier	c33cce0953	Styling user consent form	2016-01-04 16:49:54 +09:00
theworldbright	1a7f2edc01	Perform major refactoring - Add foreign_keys - Remove unused classes/methods - Fix pronto errors - Add method to retrieve client id from name - Remove TODO comments - Fix unnecessary private key generation	2016-01-04 16:49:54 +09:00
theworldbright	e55a0b0d0b	Replace scopes with constants in Authorization	2016-01-04 16:49:54 +09:00
theworldbright	858e8c2503	Prevent duplicate scopes in authorization	2016-01-04 16:49:54 +09:00
theworldbright	724f32604b	Add nonce to auth code flow	2016-01-04 16:49:53 +09:00
theworldbright	bb8fe6aa83	Adjust id token config to save private key to file	2016-01-04 16:49:53 +09:00
augier	07c12ba057	Using Camo for the application logo	2016-01-04 16:49:53 +09:00
augier	3fb2d262b8	Using entypo icon as default application image	2016-01-04 16:49:52 +09:00
theworldbright	3734e074a6	Fix pronto errors	2016-01-04 16:49:52 +09:00
theworldbright	98fd18077a	Add test for expired access token	2016-01-04 16:49:52 +09:00
augier	308170f691	Add applications information page	2016-01-04 16:49:52 +09:00
theworldbright	65c40f236e	Load scopes from seeds Signed-off-by: theworldbright <kent@kentshikama.com>	2016-01-04 16:49:51 +09:00
theworldbright	99d6d7b3e7	Add pairwise pseudonymous identifier support Squashed commits: [a182de7] Fix pronto/travis errors	2016-01-04 16:49:51 +09:00
theworldbright	e5932968fd	Add support for authorization code flow	2016-01-04 16:49:51 +09:00
theworldbright	bc5e5c7420	Fix pronto errors	2016-01-04 16:49:51 +09:00
danielgrippi	fdc0b681eb	remove unused api serializers (cruft)	2012-01-17 16:03:24 -08:00
Sarah Mei	c2c152ee4b	Change tag serializer to use tagged_people_count instead of people_count. Fixed typo (was tagge_people_count)	2011-10-16 15:55:22 -07:00
Sarah Mei	80821c9cc5	Basic tag metadata returned. Now what to do about posts?...	2011-10-16 15:25:11 -07:00
Maxwell Salzberg	d6e9809be1	MS SM finished tag stream refactor	2011-10-15 20:40:20 -07:00

37 commits