summaryrefslogtreecommitdiffstats
path: root/samples/OAuthAuthorizationServer
Commit message (Collapse)AuthorAgeFilesLines
* Fixes up some missing references.Andrew Arnott2012-12-292-2/+4
| | | | Upgrades MVC dependency from 1.0 to 3.0, via NuGet.
* System.Net.Http references recreated using NuGet.Andrew Arnott2012-12-282-4/+9
|
* Retargets exclusively to .NET 4.5 now.Andrew Arnott2012-12-281-1/+1
|
* Merge branch 'v4.1'Andrew Arnott2012-12-021-0/+4
|\ | | | | | | | | | | | | Conflicts: src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs src/version.txt
| * Fixes build breakAndrew Arnott2012-11-101-0/+4
| |
* | Authorization servers can override the granted scopes for all grant types.Andrew Arnott2012-10-301-2/+2
|/ | | | | | This change adds the ability for authorization servers to override the granted scopes of client credential and resource owner password grant types. Fixes #225
* Special handling for client credential grant typeAndrew Arnott2012-05-291-0/+4
| | | | | | | | Access token requests that carry client credential grants are now specially handled and signal to the authorization server that an authorization record should be created. More work toward #138
* Resource owner password grant method renameAndrew Arnott2012-05-291-1/+1
| | | | | | | | | | | | Renamed IAuthorizationServerHost.IsResourceOwnerCredentialValid to TryAuthorizeResourceOwnerCredentialGrant so that authorization servers are prepared to approve refresh tokens that may be issued as a result of a resource owner password grant. This also removes some of the "validation" that wasn't really doing anything useful for resource owner password grant types. Toward an eventual fix for #138
* Authorization Server hosts now instantiate their own AccessTokens rather ↵Andrew Arnott2012-04-251-7/+8
| | | | | | | than just parameters. AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think.
* Fixed up the configuration story for OAuth 2.Andrew Arnott2012-04-181-3/+4
|
* We have HTTP Basic client authentication working now in OAuth 2.Andrew Arnott2012-04-181-0/+6
|
* Authorization server hosts may now provide canonical usernames for the ↵Andrew Arnott2012-04-161-1/+1
| | | | | | resource owner given correct resource owner credentials. Fixes #103
* Authorization servers now gain insight into the calling client when ↵Andrew Arnott2012-04-151-1/+1
| | | | | | validating resource owner credential grant type requests. Fixes #101
* Fixes OAuth 2 authorization server sample's 401 unauthorized errors due to ↵Andrew Arnott2012-04-141-3/+3
| | | | | | IIS Express hosting. ...by avoiding IIS Express.
* Renamed IAuthorizationServer to IAuthorizationServerHost.Andrew Arnott2012-04-081-2/+2
| | | | To avoid confusion with the concrete class AuthorizationServer.
* Migrate all samples to target .NET 4.0 and use IIS Express (where available).Andrew Arnott2012-04-022-7/+11
| | | | | | InfoCardRelyingParty sample left out because it seems to cause input validation trouble. Fixes #108
* Fixed targeting of MVC 3 in OAuthAuthorizationServer sample.Andrew Arnott2012-04-011-1/+1
|
* Fixed typo.Andrew Arnott2012-04-011-1/+1
|
* Allows the authorization server to store merely the hashes of client secrets.Andrew Arnott2012-04-011-8/+21
| | | | Fixes #92
* Corrected old name of nonce store property.Andrew Arnott2012-04-011-1/+1
|
* Moved access token signing key to the parameters object.Andrew Arnott2012-03-311-8/+4
| | | | | | This also presumably solves the threading concerns of sharing one instance. Fixes #34
* Merge branch 'dev11' into v4.0Andrew Arnott2012-03-313-9/+13
|\ | | | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * Migrated to Dev11 project files. They should all open in Dev10 still ↵Andrew Arnott2012-03-313-9/+13
| | | | | | | | | | | | | | | | (except the new .sqlproj). This reverts commit a5e59982c1b66ebabd4c6436d4d3d177d2440649. Fixes #96
| * Revert "Migrated to Dev11 project files. They should all open in Dev10 ↵Andrew Arnott2012-03-303-13/+9
| | | | | | | | | | | | | | still (except the new .sqlproj)." This reverts commit dc59bdbc51fce4ad19cb41e5ca610915c2e99789, reversing changes made to e5b8e2e4bd925ef6967c264644e4d67749b5b3de.
| * Merged v4.0Andrew Arnott2012-03-302-2/+4
| |\
| * | Updated more references to MVC 3.Andrew Arnott2012-03-263-6/+6
| | |
| * | Merge branch 'v4.0' into dev11Andrew Arnott2012-03-214-15/+8
| |\ \ | | | | | | | | | | | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * | | Downgraded MVC projects from MVC 4 to MVC 3.Andrew Arnott2012-03-211-5/+1
| | | | | | | | | | | | | | | | MVC 4 is still in beta, and MVC 3 is sufficient for Dev11 compatibility.
| * | | Removed extra backup location tags from project files.Andrew Arnott2012-03-201-1/+0
| | | |
| * | | Completed Dev11 upgrade. The file churn on every file open is finally over.Andrew Arnott2012-03-201-2/+2
| | | | | | | | | | | | | | | | This required upgrading the MVC projects to MVC 4.
| * | | more noise.Andrew Arnott2012-02-241-1/+2
| | | |
| * | | more changes.Andrew Arnott2012-02-241-1/+1
| | | |
| * | | even more noise.Andrew Arnott2012-02-241-1/+1
| | | |
| * | | Project compatibility upgrades for Dev11.Andrew Arnott2012-02-241-2/+10
| | | |
* | | | Merge branch 'master' into oauth2refactorAndrew Arnott2012-03-243-3/+5
|\ \ \ \ | | |_|/ | |/| | | | | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * | | Incremented the OAuth 2.0 client sample's port # so as to not conflict with ↵Andrew Arnott2012-03-221-1/+1
| | | | | | | | | | | | | | | | the OAuth 1.0 consumer sample.
| * | | Upgraded MVC samples from MVC v2 to v3.Andrew Arnott2012-03-222-2/+4
| | |/ | |/|
* | | Fixed build breaks in the solution.Andrew Arnott2012-03-171-0/+4
| | |
* | | Redistributed OAuth2 code into their more specific assemblies.Andrew Arnott2012-03-161-10/+7
|/ /
* | Access token endpoint now can respond with appropriate errors.Andrew Arnott2012-03-141-6/+1
| |
* | Applied all the StyleCop fixes necessary by the StyleCop 4.7 upgrade.Andrew Arnott2012-03-103-7/+7
| |
* | Fixed StyleCop mesage.Andrew Arnott2012-03-011-1/+1
| |
* | Slightly simplified sample OAuth 2 authorization server token endpoint action.Andrew Arnott2012-02-251-6/+4
|/
* Adds support for the resource owner password credential grant.Andrew Arnott2012-02-241-2/+7
| | | | Fixes #72
* Fixed StyleCop messages.Andrew Arnott2012-02-201-9/+11
|
* Added another frame busting technique to make the authorization server more ↵Andrew Arnott2012-02-203-0/+41
| | | | secure.
* Fixed build breaks.Andrew Arnott2012-02-193-0/+32
|
* Renamed IConsumerDescription to IClientDescription.Andrew Arnott2012-02-122-5/+5
|
* Fixed nightly build so that it completes.Andrew Arnott2012-01-291-1/+1
|
* Fixed references to old DNOA.Messaging assembly in .config files.Andrew Arnott2012-01-291-3/+3
|
* Fixed build warnings regarding CLR 4 build and System.Web.Abstractions.dllAndrew Arnott2012-01-291-1/+1
|
* Renamed assembly DotNetOpenAuth.Messaging(.UI) to DotNetOpenAuth.Core(.UI)Andrew Arnott2012-01-121-2/+2
|
* Fixed .config files to refer to the DNOA config types explicitly. This fixed ↵Andrew Arnott2011-10-091-5/+5
| | | | the OpenIdOfflineProvider WPF sample.
* Fixed web.config files.Andrew Arnott2011-09-281-1/+6
|
* Samples now build.Andrew Arnott2011-08-021-0/+8
|
* Fixed compile errors in samples.Andrew Arnott2011-07-101-0/+14
|
* First pass at dividing DotNetOpenAuth features into separate assemblies.Andrew Arnott2011-07-011-6/+1
| | | | Nothing compiles at this point.
* Added missing imports to auth server sample.Andrew Arnott2011-06-261-0/+2
|
* Fixed StyleCop messages.Andrew Arnott2011-06-231-2/+2
|
* Split up the PrepareAccessToken method.Andrew Arnott2011-06-221-9/+15
|
* We have an implicit grant javascript client that can obtain an access token.Andrew Arnott2011-06-204-5/+22
| | | | It doesn't know how to use it yet though.
* Access token lifetimes are now controlled by the IAuthorizationServer ↵Andrew Arnott2011-06-162-16/+15
| | | | | | instance supplied by the host. It is consistent whether the access token is obtained via implicit grant or from a refresh token.
* Implicit grants are now sort of working on the authorization server side.unknown2011-06-152-41/+43
| | | | | | Still to do: * Ensure no auto-authorize of access tokens based on previous authorizations for the unauthenticated client. * Provide the authorization server with a way to indicate access token lifetime, and to veto the request based on the requested scopes being too dangerous for the less secure implicit grant type.
* Fixed a comment error and a hard-coded string.unknown2011-06-151-1/+1
|
* Fixed a few build breaks.Andrew Arnott2011-06-111-1/+1
|
* More work toward draft 16 compliance.Andrew Arnott2011-06-101-1/+1
|
* FxCop fixes.Andrew Arnott2011-05-281-1/+1
|
* Various fixes to the sample OAuth 2.0 Authorization Server sample.Andrew Arnott2011-05-274-1/+11
|
* Allowed for cycling of symmetric cryptographic keys by replacing the ↵Andrew Arnott2011-05-279-43/+247
| | | | | | effectively constant byte[] secret with a new ICryptoKeyStore throughout the OAuth 2 and OpenID stacks. And StyleCop fixes.
* StyleCop fixes.Andrew Arnott2011-05-201-50/+50
|
* Removed redundant code and increased key length for OAuth 2.0 authorization ↵Andrew Arnott2011-05-101-1/+1
| | | | server sample.
* Merge branch 'v3.4' into oauth2Andrew Arnott2011-05-061-59/+68
| | | | | | | | | Conflicts: samples/OAuthServiceProvider/Code/Global.cs src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd src/DotNetOpenAuth/DotNetOpenAuth.csproj src/DotNetOpenAuth/Messaging/Channel.cs src/version.txt
* Made the OAuth 2.0 callback validation more flexible to the host.Andrew Arnott2011-04-081-8/+17
|
* Whitespace.Andrew Arnott2011-04-071-34/+34
|
* Fixed static field initialization.Andrew Arnott2011-04-072-45/+40
|
* Allow sample authorization server to HTTP request to localhost.Andrew Arnott2011-04-071-1/+8
|
* Fixed non-thread-safe use of RsaCryptoServiceProvider instances.Andrew Arnott2011-04-072-10/+28
|
* Replaced OAuth2 API demands for RSAParameters with demands for ↵Andrew Arnott2011-04-062-105/+123
| | | | | | | | RSACryptoServiceProvider. This allows for servers that have non-exportable private keys to still use those private keys for signing and decryption. Closes #16
* Removed database component from the Resource Server sample.Andrew Arnott2010-08-112-5/+12
|
* Fixed bug where client authorizations didn't have to be associated with a user.Andrew Arnott2010-08-112-6/+6
|
* Fixed bug where sample logon page would throw due to no returnUrl parameter.Andrew Arnott2010-08-111-14/+17
|
* Non-functional cleanup.Andrew Arnott2010-08-112-15/+10
|
* Fixed sample release compilation.Andrew Arnott2010-08-011-1/+1
|
* Now StyleCop clean.Andrew Arnott2010-08-014-111/+107
|
* Some user-notification enhancements to the OAuth 2 samples.Andrew Arnott2010-08-011-1/+15
|
* The OAuthClient, OAuthResourceServer and OAuthAuthorizationServer samples ↵Andrew Arnott2010-08-0112-511/+129
| | | | now work!
* Split the OAuthServiceProvider sample into two samples: ↵Andrew Arnott2010-07-3143-0/+28145
OAuthAuthorizationServer and OAuthResourceServer. Renamed OAuthConsumer to OAuthClient.
generated by cgit v1.1 at 2025-05-28 19:55:56 +0000