summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth.Core/Messaging
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'v4.2' into v4.3Andrew Arnott2013-04-221-4/+7
|\
| * Use only web safe characters in client state argAndrew Arnott2013-04-111-4/+7
| | | | | | | | Fixes #268
* | Merge branch 'v4.2' into v4.3Andrew Arnott2013-04-112-1/+3
|\ \ | |/ | | | | | | Conflicts: src/version.txt
| * Merge branch 'v4.1' into v4.2Andrew Arnott2013-04-111-0/+2
| |\
| | * Adds Content-Length header to direct responses.Andrew Arnott2013-03-091-0/+2
| | |
| * | Fix Error LoggingJohn McKim2013-02-261-1/+1
| | |
* | | Adds DelegatingHandler implementations for OAuth 1 consumers that sign ↵Andrew Arnott2013-02-231-6/+36
|/ / | | | | | | outgoing requests.
* | Merge remote-tracking branch 'origin/v4.1' into v4.2v4.2.2.13055Andrew Arnott2013-02-231-1/+2
|\ \ | |/ | | | | | | Conflicts: src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
| * Fixes StyleCop break.Andrew Arnott2013-01-121-1/+1
| |
| * Update to support Front_End_Https header used by some loadbalancers for SSL ↵Mike Roest2013-01-121-1/+2
| | | | | | | | terminiation. As Per http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Common_non-standard_request_headers
* | Fixes build break in .NET 3.5 builds.Andrew Arnott2012-12-261-6/+11
| |
* | StyleCop fixes.Andrew Arnott2012-12-262-35/+35
| |
* | Fixes timeout in unit tests.Andrew Arnott2012-12-261-1/+20
| |
* | Whitespace fixes.Andrew Arnott2012-12-251-61/+61
| |
* | Replaces locking with thread-affinitized RNGs.Andrew Arnott2012-12-251-17/+35
| |
* | Mitigates timing attack on random number generator.Andrew Arnott2012-12-251-4/+28
| |
* | Merge branch 'v4.1'Andrew Arnott2012-12-242-0/+19
|\ \ | |/
| * Sensitive message information is now masked from logging.Andrew Arnott2012-12-232-0/+19
| | | | | | | | Fixes #243
* | Replaces use of ASP.NET session id with random key.Andrew Arnott2012-12-241-0/+23
| | | | | | | | Fixes #229
* | Fixed stylecop errors.Andrew Arnott2012-12-241-1/+7
| |
* | Access token responses now encode expires as number.Andrew Arnott2012-12-245-5/+59
| | | | | | | | Fixes #223
* | Adjusts verbosity levels of HTTP error logging.Andrew Arnott2012-12-241-5/+16
| | | | | | | | Fixes #244
* | Merge branch 'v4.1'Andrew Arnott2012-12-024-11/+31
|\ \ | |/ | | | | | | | | | | Conflicts: src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs src/version.txt
| * Fixes an InternalErrorException thrown when decoding corrupted access tokens.Andrew Arnott2012-11-111-1/+1
| | | | | | | | Fixes #178
| * Fixes another OOM exception while decoding corrupted tokens.Andrew Arnott2012-11-111-1/+1
| |
| * Avoids OOM exceptions from ResourceServerAndrew Arnott2012-11-114-6/+25
| | | | | | | | Related to #178
| * Fixes AsHttpResposneMessage() exception when response has no stream.Andrew Arnott2012-11-021-3/+4
| | | | | | | | Fixes #226
* | Merge remote-tracking branch 'aarnott/master'Andrew Arnott2012-10-294-18/+12
|\ \
| * | Adds AuthorizationServer.DecodeRefreshTokenAndrew Arnott2012-07-204-18/+12
| | | | | | | | | | | | | | | | | | And a unit test. Fixes #182
* | | Promotes MessagingUtilities.GetPublicFacingUrl to public method.Andrew Arnott2012-10-291-57/+57
| | | | | | | | | | | | Fixes #198
* | | Merge branch 'v4.1'Andrew Arnott2012-10-144-8/+170
|\ \ \ | | |/ | |/|
| * | Added OutgoingWebResponse.AsHttpResponseMessage extension method.Andrew Arnott2012-10-091-0/+25
| | |
| * | Added missing xml doc comment line.Andrew Arnott2012-09-291-0/+1
| | |
| * | Merge branch 'v4.0' into v4.1Andrew Arnott2012-09-291-0/+21
| |\ \
| | * | Mitigates the XML DTD DoS attack from expanding entities.Andrew Arnott2012-09-291-0/+23
| | | | | | | | | | | | | | | | Fixes #209
| * | | Added NuGet package dependency and fixed build breaks in samples.Andrew Arnott2012-09-271-0/+11
| | | |
| * | | Adds overloads of ResourceServer for HttpRequestMessage.Andrew Arnott2012-09-271-5/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The GetPrincipal and GetAccessToken now better support resource servers that are written in ASP.NET WebAPI. Fixes #206
| * | | Fixed a couple build warnings.Andrew Arnott2012-07-221-1/+1
| | | |
| * | | Fixed build break for .NET 3.5 targeting.Andrew Arnott2012-07-191-0/+2
| | | |
| * | | Fixed StyleCop issueAndrew Arnott2012-07-181-1/+1
| | | |
| * | | Replaces explicit crypto algorithm use with factories.Andrew Arnott2012-07-182-3/+61
| | |/ | |/| | | | | | | Fixes #47 which requires that FIPS compliance be an option.
* | | Fixing one more place it was missed, also changing to OPTIONSMatt Hawley2012-08-103-9/+11
| | |
* | | Adding PATCH and OPTION http verbsMatt Hawley2012-08-102-3/+21
|/ /
* | Merge branch 'v4.0'Andrew Arnott2012-06-201-1/+1
|\ \ | |/
| * Logging banner now includes the precise build version.Andrew Arnott2012-06-201-15/+1
| | | | | | | | Fixes #161
| * DNOA user agent string now includes the build number again.Andrew Arnott2012-06-201-1/+15
| | | | | | | | Fixes #160.
* | Merge branch 'v4.0'Andrew Arnott2012-05-011-5/+17
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: nuget/DotNetOpenAuth.AspNet.nuspec nuget/DotNetOpenAuth.Core.UI.nuspec nuget/DotNetOpenAuth.Core.nuspec nuget/DotNetOpenAuth.InfoCard.UI.nuspec nuget/DotNetOpenAuth.InfoCard.nuspec nuget/DotNetOpenAuth.OAuth.Common.nuspec nuget/DotNetOpenAuth.OAuth.Consumer.nuspec nuget/DotNetOpenAuth.OAuth.ServiceProvider.nuspec nuget/DotNetOpenAuth.OAuth.nuspec nuget/DotNetOpenAuth.OAuth2.AuthorizationServer.nuspec nuget/DotNetOpenAuth.OAuth2.Client.UI.nuspec nuget/DotNetOpenAuth.OAuth2.Client.nuspec nuget/DotNetOpenAuth.OAuth2.ResourceServer.nuspec nuget/DotNetOpenAuth.OAuth2.nuspec nuget/DotNetOpenAuth.OpenId.Provider.UI.nuspec nuget/DotNetOpenAuth.OpenId.Provider.nuspec nuget/DotNetOpenAuth.OpenId.RelyingParty.UI.nuspec nuget/DotNetOpenAuth.OpenId.RelyingParty.nuspec nuget/DotNetOpenAuth.OpenId.UI.nuspec nuget/DotNetOpenAuth.OpenId.nuspec nuget/DotNetOpenAuth.OpenIdInfoCard.UI.nuspec nuget/DotNetOpenAuth.OpenIdOAuth.nuspec nuget/nuget.proj src/version.txt
| * Fixes thread-safety in MessageDescriptionCollection class.Andrew Arnott2012-04-271-5/+17
| | | | | | | | Fixes #130
* | Moved some JSON serialization logic to MessagingUtilities and added a unit test.Andrew Arnott2012-04-283-18/+75
| |
* | The convenient compression/decompression API now offers both gzip and deflate.Andrew Arnott2012-04-281-6/+58
| | | | | | | | Towards #127: "support for JWT access tokens"
* | Added a base64web encoder for byte[] typed message parts.Andrew Arnott2012-04-281-0/+37
| |
* | Authorization Server hosts now instantiate their own AccessTokens rather ↵Andrew Arnott2012-04-254-19/+13
| | | | | | | | | | | | | | than just parameters. AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think.
* | Fixed Stylecop messages.Andrew Arnott2012-04-221-0/+1
| |
* | Fixes access denial errors from OAuth 2 resource servers so they include the ↵Andrew Arnott2012-04-222-14/+22
| | | | | | | | | | | | required parameters in their WWW-Authenticate headers. Fixes #124
* | Replaces ResourceServer.VerifyAccess with a better pattern for error handling.Andrew Arnott2012-04-212-4/+82
| | | | | | | | Fixes #122
* | Merge branch 'v4.0'Andrew Arnott2012-04-213-1/+5
|\ \ | |/
| * Removed unimplemented Exception.GetObjectData override methods.Andrew Arnott2012-04-212-0/+4
| | | | | | | | | | | | They weren't implemented anyway, and seem to be causing trouble with certain CLR 4 hosters (like Rackspace). Fixes #121
| * Fix for VerificationException that occurs on some machines.Andrew Arnott2012-04-101-1/+1
| | | | | | | | Fixes #112
* | Fixed HTTP Basic authentication for OAuth 2 clients so that it actually ↵Andrew Arnott2012-04-193-0/+20
| | | | | | | | works in the sample.
* | StyleCop cleanup, and reversal of some code changes that were no longer ↵Andrew Arnott2012-04-181-0/+24
| | | | | | | | necessary.
* | We have HTTP Basic client authentication working now in OAuth 2.Andrew Arnott2012-04-185-9/+97
| |
* | Added a bit more logging.Andrew Arnott2012-04-161-0/+1
| |
* | Added logging for why crypto keys are created.Andrew Arnott2012-04-161-0/+6
| |
* | Merge branch 'v4.0'Andrew Arnott2012-04-052-35/+96
|\ \ | |/ | | | | | | | | | | Conflicts: src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj src/DotNetOpenAuth.OAuth2.ResourceServer/DotNetOpenAuth.OAuth2.ResourceServer.csproj src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
| * Fixes InvalidCastExceptions for Identifier and Realm conversionsAndrew Arnott2012-04-052-35/+96
| | | | | | | | | | | | | | | | that can result from receiving a message before the static constructors for those types have executed. This corrects the regression introduced in v4.0.0. Fixes #109
* | Moved code to calculate a web root into DNOA.Core.Andrew Arnott2012-04-021-0/+13
| |
* | AccessToken is now a public class.Andrew Arnott2012-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | Resource Servers can now handle access tokens that are issued for a client's data (not a 3rd party resource owner's). Client Identifiers are no longer included in access tokens for unauthenticated clients. More work needed on IAccessTokenAnalyzer and the access token formatter. We need to generalize the serialization itself so folks can use JWT, etc. We also still need access token to have a host-defined map of claims. Fixes #104 Fixes #102
* | Allows the authorization server to store merely the hashes of client secrets.Andrew Arnott2012-04-011-37/+37
| | | | | | | | Fixes #92
* | Added binding element comments.Andrew Arnott2012-03-302-2/+8
| |
* | Merge branch 'master' into oauth2refactorAndrew Arnott2012-03-241-0/+1
|\ \ | |/ | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * Fix for NullReferenceException in the OAuth 1.0 demo due to HttpRequestInfo ↵Andrew Arnott2012-03-221-0/+1
| | | | | | | | | | | | not initializing one of its fields. Fixes #97
* | Redistributed OAuth2 code into their more specific assemblies.Andrew Arnott2012-03-161-0/+2
|/
* Fixed StyleCop warnings.Andrew Arnott2012-03-141-1/+4
|
* Access token endpoint now can respond with appropriate errors.Andrew Arnott2012-03-141-1/+1
|
* Fixed error message generated in exception thrown for bad access token requests.Andrew Arnott2012-03-142-8/+19
|
* FxCop fixes and suppressions.Andrew Arnott2012-03-101-16/+17
|
* Applied all the StyleCop fixes necessary by the StyleCop 4.7 upgrade.Andrew Arnott2012-03-109-7/+9
|
* OAuth 2 clients now use the state parameter to mitigate XSRF attacks.Andrew Arnott2012-03-081-0/+9
| | | | Fixes #84
* Fixed StyleCop messages.Andrew Arnott2012-03-053-12/+119
|
* HttpRequestInfo ctors are now internal, and publicly we have staticAndrew Arnott2012-03-051-4/+20
| | | | factory methods that return HttpRequestBase instances.
* Replaced API requirements for HttpRequestInfo with HttpRequestBase (new in ↵Andrew Arnott2012-03-054-386/+215
| | | | | | .NET 3.5 SP1). This makes us more friendly to MVC as well as mock-based unit testing.
* Fixed some bad or missing URL escaping.Andrew Arnott2012-03-011-1/+1
|
* Merge branch 'master' into webpagesAndrew Arnott2012-03-0181-169/+248
|\ | | | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * Removed requirement for callback parameter, per the spec.Andrew Arnott2012-02-191-4/+10
| |
| * Fixed up the various protocol channels to correctly apply HTTP headers ↵Andrew Arnott2012-02-191-0/+16
| | | | | | | | prescribed by the messages.
| * Brings back HTTP Authorization header whitespace trimming.Andrew Arnott2012-02-151-1/+1
| | | | | | | | | | | | Fixes issue where DNOA 4.0 regressed from v3.4 in not trimming spaces around HTTP Authorization header tokens. Thanks to Guilherme Reis for reporting the bug.
| * Fixed FxCop messages in DNOA.Core #68Andrew Arnott2012-02-097-4/+60
| |
| * Updated all copyright notices to reflect copyright assignment to Outercurve.Andrew Arnott2012-02-0579-158/+158
| | | | | | | | Fixes #66
| * Fixed build break.Andrew Arnott2012-01-291-1/+1
| |
| * Merge branch 'v3.4'Andrew Arnott2012-01-291-2/+3
| | | | | | | | | | | | | | | | | | Conflicts: nuget/nuget.proj samples/OpenIdOfflineProvider/OpenIdOfflineProvider.csproj src/DotNetOpenAuth/DotNetOpenAuth.csproj src/DotNetOpenAuth/Messaging/Reflection/MessageDescription.cs tools/DotNetOpenAuth.props
* | Fixed ReadOnlyDictionary.cs location.Andrew Arnott2012-03-011-0/+224
| |
* | Make changes per discussion. Remove the DNOA.WebPages project. Rename ↵Microsoft2012-03-011-5/+28
|/ | | | DNOA.Web to DNOA.AspNet.
* OpenID messages that are missing signed parameters now throws ↵Andrew Arnott2012-01-293-2/+34
| | | | | | ProtocolException instead of KeyNotFoundException. Fixes #45
* Added more support for HttpContextBase, HttpResponseBase, etc.Andrew Arnott2012-01-292-3/+47
|
* Renamed assembly DotNetOpenAuth.Messaging(.UI) to DotNetOpenAuth.Core(.UI)Andrew Arnott2012-01-1286-0/+14286
generated by cgit v1.1 at 2025-05-20 19:28:33 +0000