Allow get bodies in 3.0.2. #1

bryanhelmig · 2020-03-05T17:54:01Z

Put cebcda8 into our version of 3.0.2.

According to section 5.2 of rfc 6749 (https://tools.ietf.org/html/rfc6749#section-5.2) A server should respond with 400 in case of an invalid grant. The given grant is invalid and the client should give other data. A 401 is not applicable here because the client is required to give a suitable Authorization header field which doesn't make any sense if you are trying to acquire a grant authentication. According to sections 10.4.1 and 10.4.2 of rfc 2616 (https://tools.ietf.org/html/rfc2616#section-10.4.1)

it is useful when using pdb from commandline.

Authorization Code was missing this check, whereas Implicit was checking it.

A confusion between JWT as token and as authentication mechanism was introduced long-time back and I tried to make a bit of clarity to not confuse again the newcomers.

Clean doc

oauthlib#569: Implicit was not converting expires_in into integers

Extract common code into helpers

Remove unused 'requires' variable form setup.py

Neither used by Travis CI nor by tox.ini. The mock package was out of sync with requirements-tests.txt for Python 3 environments. Rather than maintain this duplicate, unused list of requirements just remove it.

Helps pip decide what version of the library to install. https://packaging.python.org/guides/distributing-packages-using-setuptools/#python-requires > If your project only runs on certain Python versions, setting the > python_requires argument to the appropriate PEP 440 version specifier > string will prevent pip from installing the project on other Python > versions. https://setuptools.readthedocs.io/en/latest/setuptools.html#new-and-changed-setup-keywords > python_requires > > A string corresponding to a version specifier (as defined in PEP 440) > for the Python version, used to specify the Requires-Python defined in > PEP 345.

Fixes warning when running tests: ``` tests/oauth1/rfc5849/endpoints/test_base.py:63 oauthlib/tests/oauth1/rfc5849/endpoints/test_base.py:63: DeprecationWarning: invalid escape sequence \d headers['Authorization'] = sub('timestamp="\d*k?"', ```

3.0.0 ChangeLog release

I fixed graphviz missing output to web responses (see image of oauthlib#639), and I have added a fixed rank (`rank=same`) when functions are achieving an identical goal. E.g. `validate_client_id`, `validate_user`, `validate_bearer_token` are unique for each flows, or, e.g. `confirm_redirect_uri`, `validate_redirect_uri` together, and so on. ![graphviz-0cc58e8637b94d7402eda45a1fef6e68889bd8e1](https://user-images.githubusercontent.com/820496/50830407-042ad600-1348-11e9-936a-03d07f42494f.png)

…lib#645) Test Introspect, Revoke, Token (web, legacy, backend) endpoints with authenticate_client and HTTP Basic Auth.

Fix OIDC /token flow where &state=None was always returned, and fix OAuth2.0 /token flow where &state=foobar was returned if &state=foobar was present in the token request. Remove "save_token" from create_token() signature cuz it was not used internally. Deprecated the option to let upstream libraries have a chance to remove it, if ever used.

Does not have purpose for /token request

Until now, only OIDC implicit was raising an error, but OIDC hybrid contain a couple of mandatory nonce, too.

I hope fixing the longstanding issue mentionned at oauthlib#582.

…dy params

akira-dev and others added 30 commits April 26, 2017 17:20

remove check on empty scopes

17593fd

Merge branch 'master' into master

8130cdc

Merge branch 'master' into master

dd120a5

Merge branch 'master' into master

048befd

Added flask-dance tests, see oauthlib#553

f991b57

Added htmlcov to help increase coverage locally

fbacd77

Call get_default_redirect_uri if no redirect_uri in token req

3b6be54

confirm_r. is called after auth_client

7996201

Removed silent output, since tests are not writing output

0c4ce54

it is useful when using pdb from commandline.

Merge branch 'master' into 445_confirm_redirect

a20120e

Add syntax check of get_default_redirect_uri

3a769e2

Authorization Code was missing this check, whereas Implicit was checking it.

Implicit was not converting expires_in into integers

38467a8

Added access_token as JWT examples, and updated JWT grant section

d9b3f24

A confusion between JWT as token and as authentication mechanism was introduced long-time back and I tried to make a bit of clarity to not confuse again the newcomers.

Added emacs ignore list

9abadd7

Added README.rst/setup.py check for pypi

a03cb73

Added credits to Idan & team.

19ebeae

Fixed typo

7b2de40

Removed last occurences of G+ with Gitter

e18a4cf

Mention our "extra" flags somewhere.

ed1a024

Added upstream test as best practice

28d95db

Updated python versions

6f4fbe6

Fixed bad copy/paste

e53203a

Merge pull request oauthlib#572 from oauthlib/clean-doc

3710299

Clean doc

Merge branch 'master' into docs-jwt

f0958f0

$ and ' are allowed to be unencoded in query strings (oauthlib#564)

d5d843d

Merge branch 'master' into master

daea090

Merge branch 'master' into invalid-grant-should-respond-with-400

37dad83

Merge branch 'master' into 569_expires_in_implicit

7c38b81

Merge pull request oauthlib#570 from oauthlib/569_expires_in_implicit

05b1185

oauthlib#569: Implicit was not converting expires_in into integers

JonathanHuot and others added 29 commits December 20, 2018 15:47

Merge pull request oauthlib#634 from oauthlib/dry-up-code

650f5db

Extract common code into helpers

Remove unused 'requires' variable form setup.py

cecb278

Merge pull request oauthlib#635 from jdufresne/requires

47c5e19

Remove unused 'requires' variable form setup.py

Remove unused 'tests_require' from setup.py (oauthlib#638)

d8fe024

Neither used by Travis CI nor by tox.ini. The mock package was out of sync with requirements-tests.txt for Python 3 environments. Rather than maintain this duplicate, unused list of requirements just remove it.

Add OAuth2 Provider oauthlib-flow

d4f4884

Update Changelog to 3.0.0

45135a2

Bump to 2019

f4273e7

Replace latest occurences of Gazit w/ new community

213a47c

Add Breaking Changes section & split Bugfixes

fa0b154

Merge pull request oauthlib#639 from oauthlib/3-release

9dfa40c

3.0.0 ChangeLog release

Fix 644, Add tests for BasicAuth credentials for all endpoints (oauth…

7586b0b

…lib#645) Test Introspect, Revoke, Token (web, legacy, backend) endpoints with authenticate_client and HTTP Basic Auth.

Bump to 3.0.1

575638c

Add clarity to the deprecation warning

66d7c00

Add authorization "state" preservation back for AuthCode

c17a4a2

Removed useless set_state internal function

87972cc

Does not have purpose for /token request

Change to 3.0.2-dev as long as master is in "dev"

ff68445

OIDC: Raise error=invalid_request when nonce is mandatory

0d423ac

Until now, only OIDC implicit was raising an error, but OIDC hybrid contain a couple of mandatory nonce, too.

Add nonce auth request check for authorization_code

ad7b154

Add nonce mandatory check for "id_token" response_type

2d9a89c

Move HybridGrant test into its respective file.

3ccaeb1

Added missing import after test moved

1ef4209

Notifications must be sent for every build

4e945e9

I hope fixing the longstanding issue mentionned at oauthlib#582.

Update for 3.0.2

5b2bfd5

Bump version

9e824cf

Do not raise ValueError any longer if a GET request has urlencoded bo…

06ab210

…dy params

bryanhelmig force-pushed the allow-get-bodies branch from ae8c4ec to 06ab210 Compare March 5, 2020 18:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow get bodies in 3.0.2. #1

Allow get bodies in 3.0.2. #1

bryanhelmig commented Mar 5, 2020

Allow get bodies in 3.0.2. #1

Are you sure you want to change the base?

Allow get bodies in 3.0.2. #1

Conversation

bryanhelmig commented Mar 5, 2020