summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merging in draft 16 compliance branch.Andrew Arnott2011-06-1335-399/+1230
|\
| * Last touch-ups to get DNOA up to draft 16 compliance (at least for the ↵Andrew Arnott2011-06-123-1/+3
| | | | | | | | | | | | success cases). Incidentally, Facebook doesn't currently support draft 16, so fb interop is broken.
| * Fixed a few build breaks.Andrew Arnott2011-06-113-14/+2
| |
| * Brought bearer access token up to the draft 16 spec.Andrew Arnott2011-06-117-109/+89
| |
| * Renamed ITokenCarryingRequest to IAuthorizationCarryingRequest.Andrew Arnott2011-06-1111-130/+39
| |
| * StyleCop fix.Andrew Arnott2011-06-111-1/+1
| |
| * Moved access token request scope parameter into a derived class so that it ↵Andrew Arnott2011-06-1110-98/+154
| | | | | | | | | | | | does not apply to the authorization code access token request. Deleted the assertion access token request message which is no longer in the base spec.
| * More work toward draft 16 compliance.Andrew Arnott2011-06-1016-146/+1042
|/
* Added OAuth 2.0 messages class diagram.Andrew Arnott2011-06-072-0/+267
|
* Added OAuth 2.0 DRAFT 16 spec.Andrew Arnott2011-06-072-0/+3081
|
* Updated version # to 4.0.Andrew Arnott2011-06-061-1/+1
|
* Merging OAuth 2.0 work into what will become DotNetOpenAuth 4.0.Andrew Arnott2011-06-06728-7469/+123100
|\
| * Introduced ICryptoKeyStore, and worked it into OpenID OPs, RPs, and OAuth ↵Andrew Arnott2011-05-28165-2477/+4097
| |\ | | | | | | | | | 2.0 roles.
| | * Fixed unit tests so there are no failures.Andrew Arnott2011-05-287-10/+29
| | |
| | * FxCop fixes.Andrew Arnott2011-05-2863-541/+690
| | |
| | * StyleCop fixes.Andrew Arnott2011-05-2713-19/+19
| | |
| | * Optimized RP's return_to nonce to not require URI-escaping and to bucket all ↵Andrew Arnott2011-05-271-3/+8
| | | | | | | | | | | | nonces in the same bin.
| | * Fixed a couple of bugs in the RP sample's custom store.Andrew Arnott2011-05-272-3/+10
| | |
| | * Various fixes to the sample OAuth 2.0 Authorization Server sample.Andrew Arnott2011-05-274-1/+11
| | |
| | * OAuth 2 client is more forgiving of incorrect Content-Type headers coming in ↵Andrew Arnott2011-05-272-1/+7
| | | | | | | | | | | | direct responses.
| | * Allowed for cycling of symmetric cryptographic keys by replacing the ↵Andrew Arnott2011-05-2728-181/+501
| | | | | | | | | | | | | | | | | | effectively constant byte[] secret with a new ICryptoKeyStore throughout the OAuth 2 and OpenID stacks. And StyleCop fixes.
| | * Added the necessary copyright notice on the Diffie-Hellman algorithm ↵Andrew Arnott2011-05-224-1/+34
| | | | | | | | | | | | implementation.
| | * Moved the private secret age setting to a more global location.Andrew Arnott2011-05-214-25/+25
| | |
| | * Moved ICryptoKeyStore and related types to the Messaging.Bindings namespace.Andrew Arnott2011-05-2116-11/+28
| | |
| | * Fixed association lifetime handling for encoded handles.Andrew Arnott2011-05-212-2/+2
| | |
| | * Removed old scripts from db project.Andrew Arnott2011-05-2011-84/+0
| | |
| | * Renamed project template's stored proc to match new name.Andrew Arnott2011-05-207-12/+12
| | |
| | * StyleCop fixes.Andrew Arnott2011-05-209-68/+152
| | |
| | * Consolidated the IProviderApplicationStore and IRelyingPartyApplicationStore ↵Andrew Arnott2011-05-2017-75/+45
| | | | | | | | | | | | interfaces since they were equivalent.
| | * Providers and Relying Parties both implement a unified pair of ↵Andrew Arnott2011-05-2018-249/+446
| | | | | | | | | | | | | | | | | | ICryptoKeyStore and INonceStore. OPs can configure to use encoded association handles or database-backed ones based on a simple web.config switch.
| | * Updated samples and project template custom stores to use ICryptoKeyStore ↵Andrew Arnott2011-05-1521-572/+483
| | | | | | | | | | | | for RPs.
| | * OpenID RPs switched over to the ICryptoKeyStore backing store.Andrew Arnott2011-05-1313-417/+371
| | |
| | * Added wrapper that allows storing of associations in an ICryptoKeyStore.Andrew Arnott2011-05-123-1/+93
| | |
| | * Added ICryptoKeyStore to try to abstract away association stores as well as ↵Andrew Arnott2011-05-125-9/+448
| | | | | | | | | | | | other secrets that OpenID RPs, OPs, and OAuth must keep.
| | * Removed redundant code and increased key length for OAuth 2.0 authorization ↵Andrew Arnott2011-05-102-12/+2
| | | | | | | | | | | | server sample.
| | * Increased symmetric key length from 128 bits to 256 bits that protect ↵Andrew Arnott2011-05-101-1/+1
| | | | | | | | | | | | association secrets.
| | * Changed references to DistinguishingFactor to be ProviderEndpoint.Andrew Arnott2011-05-109-62/+63
| | |
| | * Brought custom association store sample for Providers up to date.Andrew Arnott2011-05-099-80/+85
| | |
| | * Added implementation guidance to the IProviderAssociationStore interface.Andrew Arnott2011-05-081-0/+9
| | |
| | * Created an IProviderAssociationStore interface so that encoding the ↵Andrew Arnott2011-05-0830-140/+270
| | | | | | | | | | | | association into the handle is just one option.
| | * StyleCop fixes and functional touch-ups.Andrew Arnott2011-05-0825-173/+323
| | |
| | * Added a binary DataBag serializer mechanism that cuts the association handle ↵Andrew Arnott2011-05-086-21/+153
| | | | | | | | | | | | size down from 300+ characters to 141 characters.
| | * Refactored UriStyleMessageFormatter into a class hierarchy that will make it ↵Andrew Arnott2011-05-084-256/+315
| | | | | | | | | | | | easy to serialize DataBag instances differently.
| | * OpenID Provider association stores replaced with self-describing association ↵Andrew Arnott2011-05-0735-444/+459
| | | | | | | | | | | | handles.
| | * Moved UriStyleMessageFormatter into Messaging namespace.Andrew Arnott2011-05-072-4/+4
| |/
| * StyleCop fix.Andrew Arnott2011-05-071-17/+22
| |
| * Moved DataBag into the Messaging namespace to prepare for use by OpenID ↵Andrew Arnott2011-05-075-69/+151
| | | | | | | | associations.
| * Merge branch 'v3.4' into oauth2Andrew Arnott2011-05-0681-564/+1964
| |\ | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: samples/OAuthServiceProvider/Code/Global.cs src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd src/DotNetOpenAuth/DotNetOpenAuth.csproj src/DotNetOpenAuth/Messaging/Channel.cs src/version.txt
| | * Increased allowable time for perf tests to run.Andrew Arnott2011-05-031-3/+3
| | |
| | * Removed quiet CPU test step.Andrew Arnott2011-05-031-3/+3
| | |
| | * Made quiet CPU requirement during perf tests more lenient.Andrew Arnott2011-05-031-1/+1
| | |
| | * Fix (hopefully) the Win32Exception thrown on the build server during unit tests.Andrew Arnott2011-05-031-1/+2
| | |
| | * Stabilized performance tests against differences in hardware.Andrew Arnott2011-05-037-65/+715
| | |\
| | | * Moved the performance measuring method into TestBase.Andrew Arnott2011-05-033-35/+37
| | | |
| | | * Hid more implementation details of perf measurements.Andrew Arnott2011-05-034-130/+118
| | | |
| | | * StyleCop clean.Andrew Arnott2011-05-037-385/+196
| | | |
| | | * Perf tests now compare results against a baseline produced on the test machine.Andrew Arnott2011-05-028-65/+914
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | This uses portions of MeasureIt, which normalizes perf measurements in terms of the machine's speed. We also do other things to reduce noise: * set process and thread priority * wait for the CPU to quiet down before beginning. * set power management to High Performance * wake the CPU up if it's in a low power mode.
| | * Updated NUnit.Framework.dll reference assembly.Andrew Arnott2011-05-021-0/+0
| | |
| | * Incremented version file.Andrew Arnott2011-05-011-1/+1
| | |
| | * Fixed visible build artifacts in OpenIdOfflineProvider shipping sample.v3.4.7.11121Andrew Arnott2011-05-011-3/+11
| | |
| | * Removed System.Web.Mvc.dll from the tools.proj output.Andrew Arnott2011-05-011-0/+1
| | |
| | * Removed the explicit namespaces from all the SuppressMessageAttribute ↵Andrew Arnott2011-04-3021-89/+98
| | | | | | | | | | | | references.
| | * Suppressed a new FxCop message.Andrew Arnott2011-04-301-0/+1
| | |
| | * Excluded .vs10x files from nightly drop.Andrew Arnott2011-04-301-0/+1
| | |
| | * vsix and vsi builds now include VS version in filename.Andrew Arnott2011-04-302-5/+5
| | | | | | | | | | | | Closes #22
| | * Updated NuGet web.config transform to include another security comment.Andrew Arnott2011-04-302-1/+8
| | |
| | * Makes the maximum URL length adjustable to accomodate browsers and firewalls.Andrew Arnott2011-04-303-9/+62
| | | | | | | | | | | | Closes #29
| | * FxCop fixes and suppressions.Andrew Arnott2011-04-2944-341/+540
| | | | | | | | | | | | The "CodeAnalysis" configuration now runs clean.
| | * Fixed StyleCop issues.Andrew Arnott2011-04-272-1/+2
| | |
| | * Merge branch 'TrustedProviders' into v3.4Andrew Arnott2011-04-2316-28/+268
| | |\
| | | * Added sample trustedProviders config tag to all sample RPs.Andrew Arnott2011-04-235-3/+30
| | | |
| | | * Removed the allowSubPath and allowAdditionalQueryParameters settings from ↵Andrew Arnott2011-04-236-76/+9
| | | | | | | | | | | | | | | | the trusted Providers configuration since we don't yet have an implementation to support it, nor users asking for it.
| | | * Hooked up trusted provider check during OpenID identifier discovery and ↵Andrew Arnott2011-04-234-20/+46
| | | | | | | | | | | | | | | | positive assertion processing at the RP.
| | | * Added TrustedProviders setting in OpenID security settings.Andrew Arnott2011-04-197-5/+259
| | |/ | | | | | | | | | It doesn't actually alter runtime behavior yet.
| | * Added base signature string test for protected resource requests.Andrew Arnott2011-04-171-0/+26
| | |
| | * Added ILMerge to toolset to remove it as an external dependency on a build ↵Andrew Arnott2011-04-154-0/+105
| | | | | | | | | | | | machine.
| | * StyleCop fixes.Andrew Arnott2011-04-152-2/+2
| | |
| | * Corrected copy-paste error.Andrew Arnott2011-04-151-1/+1
| | |
| | * Fixes OAuth 1.0 signatures on Service Providers for messages that omit the ↵Andrew Arnott2011-04-157-1/+90
| | | | | | | | | | | | | | | | | | optional oauth_version parameter. Closes #28
| | * Added missing error handling transaction reversal code.Andrew Arnott2011-04-131-0/+9
| | |
| | * Saved 80% of request/response size by gzip compressing Google OAuth requests.Mike Lim2011-04-131-0/+5
| | |
| * | Added OpenID Connect Core draft 4.Andrew Arnott2011-05-061-0/+2240
| | |
| * | Saved 80% of request/response size by gzip compressing Google OAuth requests.Mike Lim2011-04-131-0/+5
| | |
| * | Fixed up some error response codes to match draft 15.Andrew Arnott2011-04-111-26/+11
| | |
| * | Applied requirement that the authorization endpoint be HTTPS, per the spec.Andrew Arnott2011-04-083-18/+5
| | |
| * | Made the OAuth 2.0 callback validation more flexible to the host.Andrew Arnott2011-04-088-65/+107
| | |
| * | OAuth 2.0 callback URLs must be absolute URIs.Andrew Arnott2011-04-083-1/+24
| | |
| * | Removed all the AllowEmpty attribute parameters in OAuth 2.0 messages ↵Andrew Arnott2011-04-0814-33/+33
| | | | | | | | | | | | because the spec says empty parameters should be dropped and therefore are irrelevant.
| * | Forces OAuth 2.0 to consider empty parameters to be absent, per the spec ↵Andrew Arnott2011-04-082-0/+28
| | | | | | | | | | | | requirement.
| * | Whitespace.Andrew Arnott2011-04-071-34/+34
| | |
| * | Fixed static field initialization.Andrew Arnott2011-04-079-146/+130
| | |
| * | Allow sample authorization server to HTTP request to localhost.Andrew Arnott2011-04-071-1/+8
| | |
| * | Fixed non-thread-safe use of RsaCryptoServiceProvider instances.Andrew Arnott2011-04-076-24/+77
| | |
| * | Replaced OAuth2 API demands for RSAParameters with demands for ↵Andrew Arnott2011-04-0611-146/+186
| | | | | | | | | | | | | | | | | | | | | | | | RSACryptoServiceProvider. This allows for servers that have non-exportable private keys to still use those private keys for signing and decryption. Closes #16
| * | Merge branch 'v3.4' into oauth2Andrew Arnott2011-04-06291-715/+74255
| |\ \ | | |/ | | | | | | | | | | | | | | | Conflicts: projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs samples/DotNetOpenAuth.ApplicationBlock/DotNetOpenAuth.ApplicationBlock.csproj samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
| | * Fixed build breaks and StyleCop messages from prior commit.Andrew Arnott2011-04-066-21/+34
| | |
| | * DetectGoogleSession sample now correctly identifies the successful ↵Andrew Arnott2011-04-063-4/+24
| | | | | | | | | | | | Authenticated result.
| | * Merge branch 'NegativeAssertionExtensions' into v3.4Andrew Arnott2011-04-0510-39/+172
| | |\
| | | * Added DetectGoogleSession sample.Andrew Arnott2011-04-056-0/+132
| | | | | | | | | | | | | | | | Closes #21
| | | * Promoted OpenID extension handling to the base indirect response class so ↵Andrew Arnott2011-04-053-38/+39
| | | | | | | | | | | | | | | | | | | | | | | | that even negative responses can include untrusted extensions. Although support for an extension in a negative assertion is not in the spec, Google exercises this ability for their x-has-session addition to the UI extension response.
generated by cgit v1.1 at 2025-06-06 01:07:24 +0000