diaspora

Author	SHA1	Message	Date
Steffen van Bergerem	6fce81fc99	Merge branch 'stable' into develop	2016-01-20 21:37:30 +01:00
tamatsyk	960e651764	internationalize controller rescue_from text Fix typos change forbitten to forbidden fix styling issue and copypaste improve code style for aspec_memberships_controller.rb with rubocop fix styling issues aligned elements of hash literals fix typo fix locale name and styling of its usage fix failing tests closes #6554	2016-01-20 21:37:02 +01:00
theworldbright	b09ee87912	Update json-jwt legacy methods	2016-01-04 17:01:41 +09:00
theworldbright	58aef5658b	Fix remaining remarks	2016-01-04 17:01:40 +09:00
theworldbright	ed1dc256a8	Fix handling of error message in authorization controller	2016-01-04 16:49:58 +09:00
theworldbright	10938404e9	Fix HTTP request test mocks	2016-01-04 16:49:57 +09:00
theworldbright	c6bec2f2dc	Return error to RP instead of user for prompt=none	2016-01-04 16:49:57 +09:00
theworldbright	9fc8c63cae	Fix hash styles for stub_request	2016-01-04 16:49:57 +09:00
theworldbright	f1b394de0f	Fix remaining remarks	2016-01-04 16:49:57 +09:00
theworldbright	2f8c391ac6	Fix pronto and travis errors	2016-01-04 16:49:57 +09:00
theworldbright	0fbcb71255	Add support for request_uri and claims	2016-01-04 16:49:56 +09:00
theworldbright	82600003b3	Flash error messages when redirect_uri is invalid	2016-01-04 16:49:56 +09:00
theworldbright	adcf2ab7ab	Fix test for prompt == "none"	2016-01-04 16:49:56 +09:00
augier	d351db1982	Filter for prompt handling	2016-01-04 16:49:56 +09:00
augier	7b2be0d3c6	Support displaying TOS and policy	2016-01-04 16:49:56 +09:00
augier	6fcb9a9d3a	Add XSS spec for application's name	2016-01-04 16:49:56 +09:00
augier	2c7d102019	Design for authorization page when client_name not providen + XSS spec	2016-01-04 16:49:55 +09:00
theworldbright	fd467cd42b	Add private_key_jwt support See - http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication - https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata	2016-01-04 16:49:55 +09:00
theworldbright	1dcefdb998	Validate sector identifier uri and redirect uri	2016-01-04 16:49:55 +09:00
theworldbright	4be9f4d558	Make client name optional	2016-01-04 16:49:54 +09:00
augier	c33cce0953	Styling user consent form	2016-01-04 16:49:54 +09:00
theworldbright	1a7f2edc01	Perform major refactoring - Add foreign_keys - Remove unused classes/methods - Fix pronto errors - Add method to retrieve client id from name - Remove TODO comments - Fix unnecessary private key generation	2016-01-04 16:49:54 +09:00
theworldbright	e55a0b0d0b	Replace scopes with constants in Authorization	2016-01-04 16:49:54 +09:00
theworldbright	bb8fe6aa83	Adjust id token config to save private key to file	2016-01-04 16:49:53 +09:00
theworldbright	24fd70676c	Fix webfinger discovery route	2016-01-04 16:49:53 +09:00
theworldbright	ab65617958	Add support for max_age parameter Additionally add support for prompt's login option Signed-off-by: theworldbright <kent@kentshikama.com>	2016-01-04 16:49:53 +09:00
theworldbright	25f51c606a	Add support for prompt parameter	2016-01-04 16:49:53 +09:00
theworldbright	8be3be3e10	Refactor authorizations controller destroy action	2016-01-04 16:49:53 +09:00
theworldbright	6e1a673459	Replace let!() with factory girl	2016-01-04 16:49:52 +09:00
theworldbright	dd337d4163	Remove JSON root from client controller Signed-off-by: theworldbright <kent@kentshikama.com>	2016-01-04 16:49:52 +09:00
theworldbright	65c40f236e	Load scopes from seeds Signed-off-by: theworldbright <kent@kentshikama.com>	2016-01-04 16:49:51 +09:00
theworldbright	99d6d7b3e7	Add pairwise pseudonymous identifier support Squashed commits: [a182de7] Fix pronto/travis errors	2016-01-04 16:49:51 +09:00
theworldbright	d834a1d4d0	Replace user info endpoint with supported claims The route /api/v0/user/ will now be used as a non-OIDC route. In other words, the /api/v0/user/ will require the "read" scope while /api/openid_connect/user_info/ will require the "openid" scope	2016-01-04 16:49:51 +09:00
theworldbright	e5932968fd	Add support for authorization code flow	2016-01-04 16:49:51 +09:00
theworldbright	bc5e5c7420	Fix pronto errors	2016-01-04 16:49:51 +09:00
augier	de4f68c289	Support for more metadata	2016-01-04 16:49:50 +09:00
augier	cc28199555	Fixing hounds remarks	2016-01-04 16:49:50 +09:00
theworldbright	7b80a7408d	Add integration tests for implicit flow Squashed commits: [d5001fe] Refactor [8d8a23f] Add test for when authorization is denied [659fc56] Adjust password flow integration test	2016-01-04 16:49:50 +09:00
theworldbright	ee9ac06e1a	Add support for access tokens in implicit flow Squashed commits: [7dbf618] Use Rail's find_or_create_by method	2016-01-04 16:49:50 +09:00
theworldbright	2d762da072	Adjust tokens to fit revised Authorization	2016-01-04 16:49:50 +09:00
theworldbright	17fde49d61	Implement ID Token for the implicit flow	2016-01-04 16:49:50 +09:00
augier	031679762a	Redesign the models	2016-01-04 16:49:49 +09:00
theworldbright	9d9dc13272	Adjust discovery controller to current values	2016-01-04 16:49:49 +09:00
Augier	73cc55940d	Fix travis errors and refactor	2016-01-04 16:49:49 +09:00
theworldbright	3d26cbf657	Allow POST requests at authentication endpoint	2016-01-04 16:49:49 +09:00
theworldbright	3cfbcbce8f	Implement authorization endpoint (part 1) The user can now authenticate with the authorization server's authorization endpoint and receive a fake id token.	2016-01-04 16:49:49 +09:00
theworldbright	88d02ea35b	Add client registration Client must now be registered prior to imitating a call to the token endpoint with the password flow. Squashed commits: [fdcef62] Rename authorization endpoint to protected resource endpoint	2016-01-04 16:49:48 +09:00
theworldbright	52e10a91fe	Add tests for invalid token to password flow	2016-01-04 16:49:16 +09:00
theworldbright	9de2837a63	Move new API from /api/v2 to /api/v0	2016-01-04 16:49:16 +09:00
theworldbright	beae77102d	Allow current user to be obtained from access token	2016-01-04 16:49:16 +09:00

1 2 3 4 5 ...

1300 commits