| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Authorization servers can override the granted scopes for all grant types. | Andrew Arnott | 2012-10-30 | 1 | -2/+2 |
| | | | | | | | This change adds the ability for authorization servers to override the granted scopes of client credential and resource owner password grant types. Fixes #225 | ||||
| * | Special handling for client credential grant type | Andrew Arnott | 2012-05-29 | 1 | -0/+4 |
| | | | | | | | | | Access token requests that carry client credential grants are now specially handled and signal to the authorization server that an authorization record should be created. More work toward #138 | ||||
| * | Resource owner password grant method rename | Andrew Arnott | 2012-05-29 | 1 | -1/+1 |
| | | | | | | | | | | | | | Renamed IAuthorizationServerHost.IsResourceOwnerCredentialValid to TryAuthorizeResourceOwnerCredentialGrant so that authorization servers are prepared to approve refresh tokens that may be issued as a result of a resource owner password grant. This also removes some of the "validation" that wasn't really doing anything useful for resource owner password grant types. Toward an eventual fix for #138 | ||||
| * | Authorization Server hosts now instantiate their own AccessTokens rather ↵ | Andrew Arnott | 2012-04-25 | 1 | -7/+8 |
| | | | | | | | | than just parameters. AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think. | ||||
| * | Authorization server hosts may now provide canonical usernames for the ↵ | Andrew Arnott | 2012-04-16 | 1 | -1/+1 |
| | | | | | | | resource owner given correct resource owner credentials. Fixes #103 | ||||
| * | Authorization servers now gain insight into the calling client when ↵ | Andrew Arnott | 2012-04-15 | 1 | -1/+1 |
| | | | | | | | validating resource owner credential grant type requests. Fixes #101 | ||||
| * | Renamed IAuthorizationServer to IAuthorizationServerHost. | Andrew Arnott | 2012-04-08 | 1 | -2/+2 |
| | | | | | To avoid confusion with the concrete class AuthorizationServer. | ||||
| * | Corrected old name of nonce store property. | Andrew Arnott | 2012-04-01 | 1 | -1/+1 |
| | | |||||
| * | Moved access token signing key to the parameters object. | Andrew Arnott | 2012-03-31 | 1 | -8/+4 |
| | | | | | | | This also presumably solves the threading concerns of sharing one instance. Fixes #34 | ||||
| * | Redistributed OAuth2 code into their more specific assemblies. | Andrew Arnott | 2012-03-16 | 1 | -10/+7 |
| | | |||||
| * | Adds support for the resource owner password credential grant. | Andrew Arnott | 2012-02-24 | 1 | -2/+7 |
| | | | | | Fixes #72 | ||||
| * | Renamed IConsumerDescription to IClientDescription. | Andrew Arnott | 2012-02-12 | 1 | -1/+1 |
| | | |||||
| * | Fixed StyleCop messages. | Andrew Arnott | 2011-06-23 | 1 | -2/+2 |
| | | |||||
| * | Split up the PrepareAccessToken method. | Andrew Arnott | 2011-06-22 | 1 | -9/+15 |
| | | |||||
| * | Access token lifetimes are now controlled by the IAuthorizationServer ↵ | Andrew Arnott | 2011-06-16 | 1 | -5/+14 |
| | | | | | | | instance supplied by the host. It is consistent whether the access token is obtained via implicit grant or from a refresh token. | ||||
| * | Implicit grants are now sort of working on the authorization server side. | unknown | 2011-06-15 | 1 | -9/+41 |
| | | | | | | | Still to do: * Ensure no auto-authorize of access tokens based on previous authorizations for the unauthenticated client. * Provide the authorization server with a way to indicate access token lifetime, and to veto the request based on the requested scopes being too dangerous for the less secure implicit grant type. | ||||
| * | Fixed a few build breaks. | Andrew Arnott | 2011-06-11 | 1 | -1/+1 |
| | | |||||
| * | More work toward draft 16 compliance. | Andrew Arnott | 2011-06-10 | 1 | -1/+1 |
| | | |||||
| * | FxCop fixes. | Andrew Arnott | 2011-05-28 | 1 | -1/+1 |
| | | |||||
| * | Various fixes to the sample OAuth 2.0 Authorization Server sample. | Andrew Arnott | 2011-05-27 | 1 | -0/+4 |
| | | |||||
| * | Allowed for cycling of symmetric cryptographic keys by replacing the ↵ | Andrew Arnott | 2011-05-27 | 1 | -26/+9 |
| | | | | | | | effectively constant byte[] secret with a new ICryptoKeyStore throughout the OAuth 2 and OpenID stacks. And StyleCop fixes. | ||||
| * | StyleCop fixes. | Andrew Arnott | 2011-05-20 | 1 | -50/+50 |
| | | |||||
| * | Removed redundant code and increased key length for OAuth 2.0 authorization ↵ | Andrew Arnott | 2011-05-10 | 1 | -1/+1 |
| | | | | | server sample. | ||||
| * | Fixed static field initialization. | Andrew Arnott | 2011-04-07 | 1 | -32/+34 |
| | | |||||
| * | Fixed non-thread-safe use of RsaCryptoServiceProvider instances. | Andrew Arnott | 2011-04-07 | 1 | -5/+17 |
| | | |||||
| * | Replaced OAuth2 API demands for RSAParameters with demands for ↵ | Andrew Arnott | 2011-04-06 | 1 | -2/+7 |
| | | | | | | | | | RSACryptoServiceProvider. This allows for servers that have non-exportable private keys to still use those private keys for signing and decryption. Closes #16 | ||||
| * | Split the OAuthServiceProvider sample into two samples: ↵ | Andrew Arnott | 2010-07-31 | 1 | -0/+133 |
| OAuthAuthorizationServer and OAuthResourceServer. Renamed OAuthConsumer to OAuthClient. | |||||
 |
index : DotNetOpenAuth | |
| Unnamed repository; edit this file 'description' to name the repository. | Erik Andersson |
| summaryrefslogtreecommitdiffstats |