summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2
Commit message (Collapse)AuthorAgeFilesLines
* #365David Christiansen2015-01-051-0/+141
|
* Test greenDavid Christiansen2015-01-051-67/+722
| | | | - Packages update
* Closes #356, Closes #357, Closes #358David Christiansen2015-01-043-0/+5
|
* Lots of StyleCop fixes.Andrew Arnott2013-03-263-3/+8
|
* Many more unit test build fixes and product touch-ups.Andrew Arnott2013-03-071-20/+37
|
* Unit test build break fixes.Andrew Arnott2013-03-061-1/+1
|
* Switched Channel to receiving messages via HttpRequestMessage as well.Andrew Arnott2013-03-042-13/+10
|
* Adds OpenID RP to WebAPI sample so it's a real login.Andrew Arnott2013-03-031-0/+15
|
* Fixed up WebAPI sample so it works with anonymous clients.Andrew Arnott2013-03-021-8/+17
|
* Removes the memory crypto key store from the sample.Andrew Arnott2013-03-021-2/+14
| | | | We now have a 'hard-coded' secret key store that trivial apps/samples may use to keep things simple until they create a database table.
* Adds support for symmetric key signing and encryption of access tokens.Andrew Arnott2013-03-011-2/+14
| | | | This targets the common scenario where authorization servers and resource servers are actually on the same web application, and asymmetric cryptography is overkill and requires extra setup.
* Fixes NullReferenceException in MessageValidationBindingElement.Andrew Arnott2013-02-281-1/+1
|
* More warning fixes.Andrew Arnott2013-02-162-7/+7
|
* Lots of stylecop fixes.Andrew Arnott2013-02-161-1/+1
|
* More warning fixes.Andrew Arnott2013-02-101-1/+1
|
* C# compiler warning fixes.Andrew Arnott2013-02-105-9/+21
|
* OAuth2.AuthorizationServer now builds.Andrew Arnott2013-01-135-47/+35
|
* Removes CLR4 compiler symbol.Andrew Arnott2012-12-281-4/+0
|
* Removes more remnants of Code Contracts.Andrew Arnott2012-12-268-145/+0
|
* Replaces DNOA's internal Requires class with Validation NuGet package.Andrew Arnott2012-12-2616-0/+16
|
* CreateAccessToken reveals username to hostAndrew Arnott2012-12-241-3/+3
| | | | | | | IAuthorizationServerHost.CreateAccessToken now has access to authoring usernames. Fixes #219
* Merge branch 'v4.1'Andrew Arnott2012-12-025-4/+37
|\ | | | | | | | | | | | | Conflicts: src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs src/version.txt
| * Enforces signing of access tokens at auth serverAndrew Arnott2012-11-113-3/+16
| |
| * Fixes HTTP Basic auth challenge to include realmAndrew Arnott2012-11-111-1/+7
| | | | | | | | Fixes #189
| * Adds AuthorizationServer.HandleTokenRequest(HttpRequestMessage) overload.Andrew Arnott2012-11-101-0/+14
| | | | | | | | Fixes #210
* | Authorization servers can override the granted scopes for all grant types.Andrew Arnott2012-10-304-35/+108
| | | | | | | | | | | | This change adds the ability for authorization servers to override the granted scopes of client credential and resource owner password grant types. Fixes #225
* | Merge remote-tracking branch 'aarnott/master'Andrew Arnott2012-10-293-2/+71
|\ \ | |/ |/|
| * Fixed AccessTokenResult API to be clearerAndrew Arnott2012-07-221-0/+50
| | | | | | | | | | | | The AccessTokenResult constructor accepts an AccessToken, when it should only accept an AuthorizationServerAccessToken so it's clear what an auth server host must create so that it's serializable. This fixes that.
| * Adds AuthorizationServer.DecodeRefreshTokenAndrew Arnott2012-07-202-2/+21
| | | | | | | | | | | | And a unit test. Fixes #182
* | Fix error message.Andrew Arnott2012-08-231-1/+1
| |
* | Replaces explicit crypto algorithm use with factories.Andrew Arnott2012-07-181-1/+1
|/ | | | Fixes #47 which requires that FIPS compliance be an option.
* Fixed build warnings due to XML commentsAndrew Arnott2012-05-291-2/+2
|
* Special handling for client credential grant typeAndrew Arnott2012-05-292-4/+59
| | | | | | | | Access token requests that carry client credential grants are now specially handled and signal to the authorization server that an authorization record should be created. More work toward #138
* Resource owner password grant method renameAndrew Arnott2012-05-292-40/+44
| | | | | | | | | | | | Renamed IAuthorizationServerHost.IsResourceOwnerCredentialValid to TryAuthorizeResourceOwnerCredentialGrant so that authorization servers are prepared to approve refresh tokens that may be issued as a result of a resource owner password grant. This also removes some of the "validation" that wasn't really doing anything useful for resource owner password grant types. Toward an eventual fix for #138
* Authorization Server hosts now instantiate their own AccessTokens rather ↵Andrew Arnott2012-04-254-33/+86
| | | | | | | than just parameters. AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think.
* Moved IAuthorizationServerHost interface into the auth server project.Andrew Arnott2012-04-241-0/+214
|
* Anonymous clients can now exchange resource owner credentials for refresh ↵Andrew Arnott2012-04-221-7/+15
| | | | | | | | and access tokens. (authenticated clients already could). Fixes #100
* Fixes access denial errors from OAuth 2 resource servers so they include the ↵Andrew Arnott2012-04-225-14/+36
| | | | | | required parameters in their WWW-Authenticate headers. Fixes #124
* Fixed HTTP Basic authentication for OAuth 2 clients so that it actually ↵Andrew Arnott2012-04-197-15/+62
| | | | works in the sample.
* Fixed up the configuration story for OAuth 2.Andrew Arnott2012-04-187-80/+44
|
* StyleCop cleanup, and reversal of some code changes that were no longer ↵Andrew Arnott2012-04-187-3/+83
| | | | necessary.
* We have HTTP Basic client authentication working now in OAuth 2.Andrew Arnott2012-04-187-9/+224
|
* Authorization server hosts may now provide canonical usernames for the ↵Andrew Arnott2012-04-161-1/+4
| | | | | | resource owner given correct resource owner credentials. Fixes #103
* Authorization servers now gain insight into the calling client when ↵Andrew Arnott2012-04-151-1/+1
| | | | | | validating resource owner credential grant type requests. Fixes #101
* Enables the authorization server to store arbitrary additional claims with ↵Andrew Arnott2012-04-141-0/+2
| | | | | | the access token. Fixes #107
* Renamed IAuthorizationServer to IAuthorizationServerHost.Andrew Arnott2012-04-087-11/+11
| | | | To avoid confusion with the concrete class AuthorizationServer.
* AccessToken is now a public class.Andrew Arnott2012-04-011-1/+0
| | | | | | | | | | | Resource Servers can now handle access tokens that are issued for a client's data (not a 3rd party resource owner's). Client Identifiers are no longer included in access tokens for unauthenticated clients. More work needed on IAccessTokenAnalyzer and the access token formatter. We need to generalize the serialization itself so folks can use JWT, etc. We also still need access token to have a host-defined map of claims. Fixes #104 Fixes #102
* Fixed missing username and lifetime in implicit access tokens.Andrew Arnott2012-04-011-1/+2
|
* Fixed typo.Andrew Arnott2012-04-011-1/+1
|
* Fixed StyleCop message.Andrew Arnott2012-04-011-1/+0
|
* Simplified ClientDescription class and made it more flexible at the sameAndrew Arnott2012-04-011-17/+10
| | | | time.
* Allows the authorization server to store merely the hashes of client secrets.Andrew Arnott2012-04-013-10/+36
| | | | Fixes #92
* Fixed inclusion of refresh token based on host policy.Andrew Arnott2012-04-011-2/+1
|
* Corrected old name of nonce store property.Andrew Arnott2012-04-011-1/+1
|
* Moved localizable strings into specific OAuth 2 assemblies.Andrew Arnott2012-03-315-6/+42
|
* Removed another auth server binding element.Andrew Arnott2012-03-313-101/+29
|
* Moved access token signing key to the parameters object.Andrew Arnott2012-03-311-1/+3
| | | | | | This also presumably solves the threading concerns of sharing one instance. Fixes #34
* Fixed a couple of failing unit tests.Andrew Arnott2012-03-311-1/+1
|
* Consolidated all code and token serializations to one binding element.Andrew Arnott2012-03-305-171/+179
|
* Fixed up an authorization server's token endpoint to generate more accurate ↵Andrew Arnott2012-03-306-18/+254
| | | | error messages.
* Added binding element comments.Andrew Arnott2012-03-302-0/+2
|
* Moved some message validation to another binding element.Andrew Arnott2012-03-293-14/+11
|
* Moved the code in AuthorizationCodeBindingElement into the ↵Andrew Arnott2012-03-294-90/+17
| | | | AuthorizationServer class.
* Beginning work of cleaning up the auth server binding elements.Andrew Arnott2012-03-266-45/+30
|
* Fixed comments and a couple missing [Serializable] attributes.Andrew Arnott2012-03-243-3/+7
|
* StyleCop fixes.Andrew Arnott2012-03-243-16/+14
|
* All unit tests pass again.Andrew Arnott2012-03-181-13/+19
|
* Fixed another failing unit test.Andrew Arnott2012-03-181-1/+1
|
* Fixed failing unit test: ResourceOwnerPasswordCredentialGrant.Andrew Arnott2012-03-182-19/+12
|
* A little binding element cleanup.Andrew Arnott2012-03-182-15/+13
|
* Fixed build breaks in the solution.Andrew Arnott2012-03-171-2/+3
|
* A bunch more moving of OAuth2 classes between assemblies.Andrew Arnott2012-03-163-17/+71
|
* Redistributed OAuth2 code into their more specific assemblies.Andrew Arnott2012-03-1616-2/+1137
|
* Fixed StyleCop warnings.Andrew Arnott2012-03-141-27/+27
|
* Access token endpoint now can respond with appropriate errors.Andrew Arnott2012-03-141-45/+23
|
* Applied all the StyleCop fixes necessary by the StyleCop 4.7 upgrade.Andrew Arnott2012-03-101-1/+1
|
* Replaced API requirements for HttpRequestInfo with HttpRequestBase (new in ↵Andrew Arnott2012-03-051-3/+5
| | | | | | .NET 3.5 SP1). This makes us more friendly to MVC as well as mock-based unit testing.
* Split up end user authorization request message types between auth code and ↵Andrew Arnott2012-02-211-1/+1
| | | | implicit.
* Added scaffolding for OAuth2 unit tests and added the first test for client ↵Andrew Arnott2012-02-201-10/+3
| | | | authorization.
* Suppressed refresh tokens when client credentials are used to comply with ↵Andrew Arnott2012-02-161-0/+9
| | | | OAuth 2.0 section 4.4.3.
* Fixed many FxCop messages in OAuth2 assemblies. #68Andrew Arnott2012-02-091-0/+2
|
* Updated all copyright notices to reflect copyright assignment to Outercurve.Andrew Arnott2012-02-051-2/+2
| | | | Fixes #66
* All product assemblies build without ccrewrite.exe now.Andrew Arnott2011-09-181-9/+9
|
* Broke out OAuth 2 into 4 separate assemblies.Andrew Arnott2011-08-011-0/+258
generated by cgit v1.1 at 2025-05-12 17:46:49 +0000