Skip to content

Initial OAuth2.0/PKCE Provider support #617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Dec 16, 2018
Merged

Initial OAuth2.0/PKCE Provider support #617

merged 15 commits into from
Dec 16, 2018

Conversation

JonathanHuot
Copy link
Member

@JonathanHuot JonathanHuot commented Nov 29, 2018
edited
Loading

Initial implementation of PKCE support for OAuth2.0 provider in oauthlib.

In order to have PKCE for your OAuth2.0 provider, you have three new RequestValidator methods to implement:

  • is_pkce_required(client_id, request) => default return False
  • get_code_challenge(code, request) => default return None
  • get_code_challenge_method(code, request) => raise NotImplemented (called only if get_code_challenge is overriden)

The behavior choosen was to not break any existing implementation, i.e. any upgrade to latest oauthlib will not give you PKCE for free and not break existing clients requests (even if they send a verifier or a challenge).

Any comments from downstream libraries devs are greatly appreciated. Also it can help jazzband/django-oauth-toolkit#656 to be resolved. Poke @jleclanche, @Maronato.

@JonathanHuot JonathanHuot mentioned this pull request Nov 30, 2018
Closed
@JonathanHuot
Add OAuth2 Provider Server Metadata for PKCE.
cf3cf40
@JonathanHuot
Add Server metadata test and fix metadata.
6bd865b 
Fix grant_types_supported which must include "implicit" even if it is not a grant_type in oauthlib sense. Removed internal "none" field value from the list of response_types.
@JonathanHuot
Sort dict and list in dict values for py27/36 compat
d7891e7
@JonathanHuot JonathanHuot mentioned this pull request Dec 3, 2018
Closed
23 tasks
@JonathanHuot JonathanHuot mentioned this pull request Dec 12, 2018
Closed
JeremyVriens
JeremyVriens reviewed Dec 12, 2018
View reviewed changes
@JonathanHuot JonathanHuot added this to the 3.0.0 milestone Dec 13, 2018
@JonathanHuot JonathanHuot added Feature OAuth2-Provider This impact the provider part of OAuth2 labels Dec 13, 2018
@skion skion mentioned this pull request Dec 15, 2018
Closed
@Maronato Maronato mentioned this pull request Dec 16, 2018
Merged
@Maronato
Copy link

@JonathanHuot it was pretty easy to implement your changes into django-oauth-toolkit. The PR containing the implementation is at jazzband/django-oauth-toolkit#678

@JonathanHuot JonathanHuot merged commit 8de1e52 into master Dec 16, 2018
@JonathanHuot JonathanHuot deleted the 601-pkce-support branch December 16, 2018 17:57
@JonathanHuot
Copy link
Member Author

Thanks @Maronato for your feedback! It's integrated into master now, we'll be able to release 3.0.0 soon.

@revant revant mentioned this pull request May 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JeremyVriens JeremyVriens JeremyVriens left review comments

Assignees
No one assigned
Labels
Feature OAuth2-Provider This impact the provider part of OAuth2
Projects
None yet
Milestone
3.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@JonathanHuot @Maronato @JeremyVriens
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy