summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth.Core
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'v4.2' into v4.3Andrew Arnott2013-04-221-4/+7
|\
| * Use only web safe characters in client state argAndrew Arnott2013-04-111-4/+7
| | | | | | | | Fixes #268
* | Merge branch 'v4.2' into v4.3Andrew Arnott2013-04-112-1/+3
|\ \ | |/ | | | | | | Conflicts: src/version.txt
| * Merge branch 'v4.1' into v4.2Andrew Arnott2013-04-111-0/+2
| |\
| | * Adds Content-Length header to direct responses.Andrew Arnott2013-03-091-0/+2
| | |
| * | Fix Error LoggingJohn McKim2013-02-261-1/+1
| | |
* | | Adds DelegatingHandler implementations for OAuth 1 consumers that sign ↵Andrew Arnott2013-02-231-6/+36
|/ / | | | | | | outgoing requests.
* | Merge remote-tracking branch 'origin/v4.1' into v4.2v4.2.2.13055Andrew Arnott2013-02-233-2/+5
|\ \ | |/ | | | | | | Conflicts: src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
| * Adds another catch block to the logger initializer.Andrew Arnott2013-01-121-0/+2
| |
| * Fixes StyleCop break.Andrew Arnott2013-01-121-1/+1
| |
| * Update to support Front_End_Https header used by some loadbalancers for SSL ↵Mike Roest2013-01-121-1/+2
| | | | | | | | terminiation. As Per http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Common_non-standard_request_headers
| * Fixes KeyNotFoundException in logging.Andrew Arnott2013-01-011-1/+1
| |
* | Fixes build break in .NET 3.5 builds.Andrew Arnott2012-12-261-6/+11
| |
* | StyleCop fixes.Andrew Arnott2012-12-262-35/+35
| |
* | Fixes timeout in unit tests.Andrew Arnott2012-12-261-1/+20
| |
* | Whitespace fixes.Andrew Arnott2012-12-251-61/+61
| |
* | Replaces locking with thread-affinitized RNGs.Andrew Arnott2012-12-251-17/+35
| |
* | Mitigates timing attack on random number generator.Andrew Arnott2012-12-251-4/+28
| |
* | Merge branch 'v4.1'Andrew Arnott2012-12-244-3/+34
|\ \ | |/
| * Sensitive message information is now masked from logging.Andrew Arnott2012-12-233-1/+28
| | | | | | | | Fixes #243
| * Move the bool assignment inside the try catch to allow analysis tool to pass.Mike Roest2012-12-211-1/+1
| |
| * StyleCop fixAndrew Arnott2012-12-171-1/+1
| |
| * Add additional Exception handling to prevent a process crash on a Logger ↵Mike Roest2012-12-171-1/+5
| | | | | | | | Exception during SendStatsAsync
* | Replaces use of ASP.NET session id with random key.Andrew Arnott2012-12-242-0/+31
| | | | | | | | Fixes #229
* | Fixed stylecop errors.Andrew Arnott2012-12-241-1/+7
| |
* | Access token responses now encode expires as number.Andrew Arnott2012-12-246-5/+60
| | | | | | | | Fixes #223
* | Adjusts verbosity levels of HTTP error logging.Andrew Arnott2012-12-241-5/+16
| | | | | | | | Fixes #244
* | Merge branch 'v4.1'Andrew Arnott2012-12-024-11/+31
|\ \ | |/ | | | | | | | | | | Conflicts: src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs src/version.txt
| * Fixes an InternalErrorException thrown when decoding corrupted access tokens.Andrew Arnott2012-11-111-1/+1
| | | | | | | | Fixes #178
| * Fixes another OOM exception while decoding corrupted tokens.Andrew Arnott2012-11-111-1/+1
| |
| * Avoids OOM exceptions from ResourceServerAndrew Arnott2012-11-114-6/+25
| | | | | | | | Related to #178
| * Fixes AsHttpResposneMessage() exception when response has no stream.Andrew Arnott2012-11-021-3/+4
| | | | | | | | Fixes #226
* | Merge remote-tracking branch 'aarnott/master'Andrew Arnott2012-10-294-18/+12
|\ \
| * | Adds AuthorizationServer.DecodeRefreshTokenAndrew Arnott2012-07-204-18/+12
| | | | | | | | | | | | | | | | | | And a unit test. Fixes #182
* | | Promotes MessagingUtilities.GetPublicFacingUrl to public method.Andrew Arnott2012-10-291-57/+57
| | | | | | | | | | | | Fixes #198
* | | Merge branch 'v4.1'Andrew Arnott2012-10-148-47/+285
|\ \ \ | | |/ | |/|
| * | Fixes TraceSwitch tracing to filter based on configuration.Andrew Arnott2012-10-101-30/+90
| | | | | | | | | | | | Fixes #214
| * | Added OutgoingWebResponse.AsHttpResponseMessage extension method.Andrew Arnott2012-10-091-0/+25
| | |
| * | Adjusted AssemblyInfo.cs to be unique for each assembly.Andrew Arnott2012-09-291-9/+1
| | | | | | | | | | | | This should fix nuget pdb package submission to symbolsource.org
| * | Added missing xml doc comment line.Andrew Arnott2012-09-291-0/+1
| | |
| * | Merge branch 'v4.0' into v4.1Andrew Arnott2012-09-291-0/+21
| |\ \
| | * | Mitigates the XML DTD DoS attack from expanding entities.Andrew Arnott2012-09-291-0/+23
| | | | | | | | | | | | | | | | Fixes #209
| * | | Added NuGet package dependency and fixed build breaks in samples.Andrew Arnott2012-09-271-0/+11
| | | |
| * | | Adds overloads of ResourceServer for HttpRequestMessage.Andrew Arnott2012-09-271-5/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The GetPrincipal and GetAccessToken now better support resource servers that are written in ASP.NET WebAPI. Fixes #206
| * | | Merge branch 'SlowGoogleServerWorkaround' into v4.1Andrew Arnott2012-09-171-0/+23
| | | |
| * | | Fixed a couple build warnings.Andrew Arnott2012-07-221-1/+1
| | | |
| * | | Fixed build break for .NET 3.5 targeting.Andrew Arnott2012-07-191-0/+2
| | | |
| * | | Fixed StyleCop issueAndrew Arnott2012-07-181-1/+1
| | | |
| * | | Replaces explicit crypto algorithm use with factories.Andrew Arnott2012-07-183-3/+62
| | |/ | |/| | | | | | | Fixes #47 which requires that FIPS compliance be an option.
* | | Fixing one more place it was missed, also changing to OPTIONSMatt Hawley2012-08-103-9/+11
| | |
* | | Adding PATCH and OPTION http verbsMatt Hawley2012-08-102-3/+21
|/ /
* | Merge branch 'v4.0'Andrew Arnott2012-06-202-3/+21
|\ \ | |/
| * Logging banner now includes the precise build version.Andrew Arnott2012-06-202-17/+21
| | | | | | | | Fixes #161
| * DNOA user agent string now includes the build number again.Andrew Arnott2012-06-201-1/+15
| | | | | | | | Fixes #160.
* | Merge remote-tracking branch 'origin/v4.0'Andrew Arnott2012-05-291-0/+2
|\ \ | |/
| * Fix TypeLoadException for log4net under monoAndrew Arnott2012-05-291-0/+2
| | | | | | | | Fixes #151
* | Merge branch 'v4.0'Andrew Arnott2012-05-011-5/+17
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: nuget/DotNetOpenAuth.AspNet.nuspec nuget/DotNetOpenAuth.Core.UI.nuspec nuget/DotNetOpenAuth.Core.nuspec nuget/DotNetOpenAuth.InfoCard.UI.nuspec nuget/DotNetOpenAuth.InfoCard.nuspec nuget/DotNetOpenAuth.OAuth.Common.nuspec nuget/DotNetOpenAuth.OAuth.Consumer.nuspec nuget/DotNetOpenAuth.OAuth.ServiceProvider.nuspec nuget/DotNetOpenAuth.OAuth.nuspec nuget/DotNetOpenAuth.OAuth2.AuthorizationServer.nuspec nuget/DotNetOpenAuth.OAuth2.Client.UI.nuspec nuget/DotNetOpenAuth.OAuth2.Client.nuspec nuget/DotNetOpenAuth.OAuth2.ResourceServer.nuspec nuget/DotNetOpenAuth.OAuth2.nuspec nuget/DotNetOpenAuth.OpenId.Provider.UI.nuspec nuget/DotNetOpenAuth.OpenId.Provider.nuspec nuget/DotNetOpenAuth.OpenId.RelyingParty.UI.nuspec nuget/DotNetOpenAuth.OpenId.RelyingParty.nuspec nuget/DotNetOpenAuth.OpenId.UI.nuspec nuget/DotNetOpenAuth.OpenId.nuspec nuget/DotNetOpenAuth.OpenIdInfoCard.UI.nuspec nuget/DotNetOpenAuth.OpenIdOAuth.nuspec nuget/nuget.proj src/version.txt
| * Fixes thread-safety in MessageDescriptionCollection class.Andrew Arnott2012-04-271-5/+17
| | | | | | | | Fixes #130
* | Moved some JSON serialization logic to MessagingUtilities and added a unit test.Andrew Arnott2012-04-284-18/+83
| |
* | The convenient compression/decompression API now offers both gzip and deflate.Andrew Arnott2012-04-281-6/+58
| | | | | | | | Towards #127: "support for JWT access tokens"
* | Added a base64web encoder for byte[] typed message parts.Andrew Arnott2012-04-282-0/+38
| |
* | Authorization Server hosts now instantiate their own AccessTokens rather ↵Andrew Arnott2012-04-254-19/+13
| | | | | | | | | | | | | | than just parameters. AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think.
* | Fixed Stylecop messages.Andrew Arnott2012-04-221-0/+1
| |
* | Fixes access denial errors from OAuth 2 resource servers so they include the ↵Andrew Arnott2012-04-224-17/+49
| | | | | | | | | | | | required parameters in their WWW-Authenticate headers. Fixes #124
* | Replaces ResourceServer.VerifyAccess with a better pattern for error handling.Andrew Arnott2012-04-213-4/+83
| | | | | | | | Fixes #122
* | Merge branch 'v4.0'Andrew Arnott2012-04-213-1/+5
|\ \ | |/
| * Removed unimplemented Exception.GetObjectData override methods.Andrew Arnott2012-04-212-0/+4
| | | | | | | | | | | | They weren't implemented anyway, and seem to be causing trouble with certain CLR 4 hosters (like Rackspace). Fixes #121
| * Fix for VerificationException that occurs on some machines.Andrew Arnott2012-04-101-1/+1
| | | | | | | | Fixes #112
* | Fixed HTTP Basic authentication for OAuth 2 clients so that it actually ↵Andrew Arnott2012-04-193-0/+20
| | | | | | | | works in the sample.
* | Fixed up the configuration story for OAuth 2.Andrew Arnott2012-04-181-4/+24
| |
* | StyleCop cleanup, and reversal of some code changes that were no longer ↵Andrew Arnott2012-04-182-0/+25
| | | | | | | | necessary.
* | We have HTTP Basic client authentication working now in OAuth 2.Andrew Arnott2012-04-188-10/+167
| |
* | Added a bit more logging.Andrew Arnott2012-04-161-0/+1
| |
* | Added logging for why crypto keys are created.Andrew Arnott2012-04-161-0/+6
| |
* | Merge branch 'v4.0'Andrew Arnott2012-04-053-35/+97
|\ \ | |/ | | | | | | | | | | Conflicts: src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj src/DotNetOpenAuth.OAuth2.ResourceServer/DotNetOpenAuth.OAuth2.ResourceServer.csproj src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
| * Fixes InvalidCastExceptions for Identifier and Realm conversionsAndrew Arnott2012-04-053-35/+97
| | | | | | | | | | | | | | | | that can result from receiving a message before the static constructors for those types have executed. This corrects the regression introduced in v4.0.0. Fixes #109
* | Moved code to calculate a web root into DNOA.Core.Andrew Arnott2012-04-021-0/+13
| |
* | AccessToken is now a public class.Andrew Arnott2012-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | Resource Servers can now handle access tokens that are issued for a client's data (not a 3rd party resource owner's). Client Identifiers are no longer included in access tokens for unauthenticated clients. More work needed on IAccessTokenAnalyzer and the access token formatter. We need to generalize the serialization itself so folks can use JWT, etc. We also still need access token to have a host-defined map of claims. Fixes #104 Fixes #102
* | Allows the authorization server to store merely the hashes of client secrets.Andrew Arnott2012-04-011-37/+37
| | | | | | | | Fixes #92
* | Added binding element comments.Andrew Arnott2012-03-302-2/+8
| |
* | Merge branch 'master' into oauth2refactorAndrew Arnott2012-03-241-0/+1
|\ \ | |/ | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * Fix for NullReferenceException in the OAuth 1.0 demo due to HttpRequestInfo ↵Andrew Arnott2012-03-221-0/+1
| | | | | | | | | | | | not initializing one of its fields. Fixes #97
* | Redistributed OAuth2 code into their more specific assemblies.Andrew Arnott2012-03-162-0/+4
|/
* Fixed StyleCop warnings.Andrew Arnott2012-03-141-1/+4
|
* Access token endpoint now can respond with appropriate errors.Andrew Arnott2012-03-141-1/+1
|
* Fixed error message generated in exception thrown for bad access token requests.Andrew Arnott2012-03-142-8/+19
|
* Fixed StyleCop settings files by removing the deprecated "Microsoft." prefixes.Andrew Arnott2012-03-111-3/+3
|
* FxCop fixes and suppressions.Andrew Arnott2012-03-101-16/+17
|
* Applied all the StyleCop fixes necessary by the StyleCop 4.7 upgrade.Andrew Arnott2012-03-1014-55/+58
|
* OAuth 2 clients now use the state parameter to mitigate XSRF attacks.Andrew Arnott2012-03-081-0/+9
| | | | Fixes #84
* Fixed StyleCop messages.Andrew Arnott2012-03-054-12/+120
|
* HttpRequestInfo ctors are now internal, and publicly we have staticAndrew Arnott2012-03-051-4/+20
| | | | factory methods that return HttpRequestBase instances.
* Replaced API requirements for HttpRequestInfo with HttpRequestBase (new in ↵Andrew Arnott2012-03-057-389/+220
| | | | | | .NET 3.5 SP1). This makes us more friendly to MVC as well as mock-based unit testing.
* Fixed some bad or missing URL escaping.Andrew Arnott2012-03-011-1/+1
|
* Merge branch 'master' into webpagesAndrew Arnott2012-03-01102-300/+312
|\ | | | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * Removed requirement for callback parameter, per the spec.Andrew Arnott2012-02-191-4/+10
| |
| * Fixed up the various protocol channels to correctly apply HTTP headers ↵Andrew Arnott2012-02-191-0/+16
| | | | | | | | prescribed by the messages.
| * Brings back HTTP Authorization header whitespace trimming.Andrew Arnott2012-02-151-1/+1
| | | | | | | | | | | | Fixes issue where DNOA 4.0 regressed from v3.4 in not trimming spaces around HTTP Authorization header tokens. Thanks to Guilherme Reis for reporting the bug.
| * Fixed FxCop messages in DNOA.Core #68Andrew Arnott2012-02-0914-98/+78
| |
| * Removed log4net reference from all bug DNOA.Core assembly.Andrew Arnott2012-02-081-0/+5
| |
generated by cgit v1.1 at 2025-05-20 19:34:33 +0000