summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2
Commit message (Collapse)AuthorAgeFilesLines
* Special handling for client credential grant typeAndrew Arnott2012-05-292-4/+59
| | | | | | | | Access token requests that carry client credential grants are now specially handled and signal to the authorization server that an authorization record should be created. More work toward #138
* Resource owner password grant method renameAndrew Arnott2012-05-292-40/+44
| | | | | | | | | | | | Renamed IAuthorizationServerHost.IsResourceOwnerCredentialValid to TryAuthorizeResourceOwnerCredentialGrant so that authorization servers are prepared to approve refresh tokens that may be issued as a result of a resource owner password grant. This also removes some of the "validation" that wasn't really doing anything useful for resource owner password grant types. Toward an eventual fix for #138
* Authorization Server hosts now instantiate their own AccessTokens rather ↵Andrew Arnott2012-04-254-33/+86
| | | | | | | than just parameters. AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think.
* Moved IAuthorizationServerHost interface into the auth server project.Andrew Arnott2012-04-241-0/+214
|
* Anonymous clients can now exchange resource owner credentials for refresh ↵Andrew Arnott2012-04-221-7/+15
| | | | | | | | and access tokens. (authenticated clients already could). Fixes #100
* Fixes access denial errors from OAuth 2 resource servers so they include the ↵Andrew Arnott2012-04-225-14/+36
| | | | | | required parameters in their WWW-Authenticate headers. Fixes #124
* Fixed HTTP Basic authentication for OAuth 2 clients so that it actually ↵Andrew Arnott2012-04-197-15/+62
| | | | works in the sample.
* Fixed up the configuration story for OAuth 2.Andrew Arnott2012-04-187-80/+44
|
* StyleCop cleanup, and reversal of some code changes that were no longer ↵Andrew Arnott2012-04-187-3/+83
| | | | necessary.
* We have HTTP Basic client authentication working now in OAuth 2.Andrew Arnott2012-04-187-9/+224
|
* Authorization server hosts may now provide canonical usernames for the ↵Andrew Arnott2012-04-161-1/+4
| | | | | | resource owner given correct resource owner credentials. Fixes #103
* Authorization servers now gain insight into the calling client when ↵Andrew Arnott2012-04-151-1/+1
| | | | | | validating resource owner credential grant type requests. Fixes #101
* Enables the authorization server to store arbitrary additional claims with ↵Andrew Arnott2012-04-141-0/+2
| | | | | | the access token. Fixes #107
* Renamed IAuthorizationServer to IAuthorizationServerHost.Andrew Arnott2012-04-087-11/+11
| | | | To avoid confusion with the concrete class AuthorizationServer.
* AccessToken is now a public class.Andrew Arnott2012-04-011-1/+0
| | | | | | | | | | | Resource Servers can now handle access tokens that are issued for a client's data (not a 3rd party resource owner's). Client Identifiers are no longer included in access tokens for unauthenticated clients. More work needed on IAccessTokenAnalyzer and the access token formatter. We need to generalize the serialization itself so folks can use JWT, etc. We also still need access token to have a host-defined map of claims. Fixes #104 Fixes #102
* Fixed missing username and lifetime in implicit access tokens.Andrew Arnott2012-04-011-1/+2
|
* Fixed typo.Andrew Arnott2012-04-011-1/+1
|
* Fixed StyleCop message.Andrew Arnott2012-04-011-1/+0
|
* Simplified ClientDescription class and made it more flexible at the sameAndrew Arnott2012-04-011-17/+10
| | | | time.
* Allows the authorization server to store merely the hashes of client secrets.Andrew Arnott2012-04-013-10/+36
| | | | Fixes #92
* Fixed inclusion of refresh token based on host policy.Andrew Arnott2012-04-011-2/+1
|
* Corrected old name of nonce store property.Andrew Arnott2012-04-011-1/+1
|
* Moved localizable strings into specific OAuth 2 assemblies.Andrew Arnott2012-03-315-6/+42
|
* Removed another auth server binding element.Andrew Arnott2012-03-313-101/+29
|
* Moved access token signing key to the parameters object.Andrew Arnott2012-03-311-1/+3
| | | | | | This also presumably solves the threading concerns of sharing one instance. Fixes #34
* Fixed a couple of failing unit tests.Andrew Arnott2012-03-311-1/+1
|
* Consolidated all code and token serializations to one binding element.Andrew Arnott2012-03-305-171/+179
|
* Fixed up an authorization server's token endpoint to generate more accurate ↵Andrew Arnott2012-03-306-18/+254
| | | | error messages.
* Added binding element comments.Andrew Arnott2012-03-302-0/+2
|
* Moved some message validation to another binding element.Andrew Arnott2012-03-293-14/+11
|
* Moved the code in AuthorizationCodeBindingElement into the ↵Andrew Arnott2012-03-294-90/+17
| | | | AuthorizationServer class.
* Beginning work of cleaning up the auth server binding elements.Andrew Arnott2012-03-266-45/+30
|
* Fixed comments and a couple missing [Serializable] attributes.Andrew Arnott2012-03-243-3/+7
|
* StyleCop fixes.Andrew Arnott2012-03-243-16/+14
|
* All unit tests pass again.Andrew Arnott2012-03-181-13/+19
|
* Fixed another failing unit test.Andrew Arnott2012-03-181-1/+1
|
* Fixed failing unit test: ResourceOwnerPasswordCredentialGrant.Andrew Arnott2012-03-182-19/+12
|
* A little binding element cleanup.Andrew Arnott2012-03-182-15/+13
|
* Fixed build breaks in the solution.Andrew Arnott2012-03-171-2/+3
|
* A bunch more moving of OAuth2 classes between assemblies.Andrew Arnott2012-03-163-17/+71
|
* Redistributed OAuth2 code into their more specific assemblies.Andrew Arnott2012-03-1616-2/+1137
|
* Fixed StyleCop warnings.Andrew Arnott2012-03-141-27/+27
|
* Access token endpoint now can respond with appropriate errors.Andrew Arnott2012-03-141-45/+23
|
* Applied all the StyleCop fixes necessary by the StyleCop 4.7 upgrade.Andrew Arnott2012-03-101-1/+1
|
* Replaced API requirements for HttpRequestInfo with HttpRequestBase (new in ↵Andrew Arnott2012-03-051-3/+5
| | | | | | .NET 3.5 SP1). This makes us more friendly to MVC as well as mock-based unit testing.
* Split up end user authorization request message types between auth code and ↵Andrew Arnott2012-02-211-1/+1
| | | | implicit.
* Added scaffolding for OAuth2 unit tests and added the first test for client ↵Andrew Arnott2012-02-201-10/+3
| | | | authorization.
* Suppressed refresh tokens when client credentials are used to comply with ↵Andrew Arnott2012-02-161-0/+9
| | | | OAuth 2.0 section 4.4.3.
* Fixed many FxCop messages in OAuth2 assemblies. #68Andrew Arnott2012-02-091-0/+2
|
* Updated all copyright notices to reflect copyright assignment to Outercurve.Andrew Arnott2012-02-051-2/+2
| | | | Fixes #66
* All product assemblies build without ccrewrite.exe now.Andrew Arnott2011-09-181-9/+9
|
* Broke out OAuth 2 into 4 separate assemblies.Andrew Arnott2011-08-011-0/+258
generated by cgit v1.1 at 2025-06-06 02:54:26 +0000