summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Fixed PAPE comment.Andrew Arnott2012-06-121-1/+1
|
* Merge branch 'v4.0'Andrew Arnott2012-06-1011-27/+196
|\ | | | | | | | | Conflicts: projecttemplates/projecttemplates.proj
| * Updated .gitignore file.Andrew Arnott2012-06-101-1/+1
| |
| * Fixed Win32 PE header of unified library.Andrew Arnott2012-06-103-6/+99
| | | | | | | | | | | | This fixes (unified) dotnetopenauth.dll so that its version, name and original filename attributes are correct instead of inheriting their values from Microsoft.Contracts.dll. Fixes #156
| * Code review cleanup for DotNetOpenAuth.AspNet:Microsoft2012-05-317-20/+96
| | | | | | | | | | | | | | - Clients should use HTTPS instead of HTTP whenever possible. - MachineKeyUtil reliability tweaks. - Improved anti-XSRF protection when running under subdomains. - Other miscellaneous minor cleanup.
* | Fixed xml doc commentAndrew Arnott2012-06-061-3/+3
| |
* | Merge remote-tracking branch 'origin/v4.0'Andrew Arnott2012-05-2917-212/+834
|\ \ | |/
| * Fix TypeLoadException for log4net under monoAndrew Arnott2012-05-291-0/+2
| | | | | | | | Fixes #151
| * Fix bug in OAuth2 clients which is caused by the Xsrf fix earlier.Microsoft2012-05-151-11/+13
| |
| * Set xsrf cookie to HttpOnly. Verify that value passed into query string is a ↵Microsoft2012-05-151-5/+11
| | | | | | | | valid guid.
| * Make changes to fix Style cop issues.Microsoft2012-05-141-2/+10
| |
| * Add protection against XSRF attacks.Microsoft2012-05-141-2/+53
| |
| * Make change so that the VerifyAuthentication overload with no returnUrl ↵Microsoft2012-05-141-29/+18
| | | | | | | | parameter will use the current request as the return url.
| * Update a resource string for error message. Move the DefaultNamespace ↵Microsoft2012-05-113-4/+6
| | | | | | | | element below the Import statement to override the value from imported targets.
| * Make the MachineKeyUtil class internal.Microsoft2012-05-082-1/+5
| |
| * Add the WindowsLiveClient class back and make it inherit from ↵Microsoft2012-05-073-4/+43
| | | | | | | | MicrosoftClient. Also marks it as obsolete.
| * Rename WindowsLive to Microsoft account.Microsoft2012-05-043-10/+10
| |
| * Use cookie to store OAuth token and set it as default mechanism. Fix an ↵Microsoft2012-05-0313-42/+557
| | | | | | | | issue in Facebook account with encoded return url. Update Twitter urls. Catch exception in VerifyAuthentication and return as Failed.
| * Append the provider value to the return url in VerifyAuthenticationMicrosoft2012-05-011-0/+4
| |
* | Fixed build warnings due to XML commentsAndrew Arnott2012-05-291-2/+2
| |
* | Fixed failing ClientCredentialGrant unit testAndrew Arnott2012-05-291-0/+3
| |
* | Special handling for client credential grant typeAndrew Arnott2012-05-292-4/+59
| | | | | | | | | | | | | | | | Access token requests that carry client credential grants are now specially handled and signal to the authorization server that an authorization record should be created. More work toward #138
* | Resource owner password grant method renameAndrew Arnott2012-05-293-41/+45
| | | | | | | | | | | | | | | | | | | | | | | | Renamed IAuthorizationServerHost.IsResourceOwnerCredentialValid to TryAuthorizeResourceOwnerCredentialGrant so that authorization servers are prepared to approve refresh tokens that may be issued as a result of a resource owner password grant. This also removes some of the "validation" that wasn't really doing anything useful for resource owner password grant types. Toward an eventual fix for #138
* | Added class diagram.Andrew Arnott2012-05-282-0/+52
| |
* | Merge branch 'v4.0'Andrew Arnott2012-05-0111-26/+255
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: nuget/DotNetOpenAuth.AspNet.nuspec nuget/DotNetOpenAuth.Core.UI.nuspec nuget/DotNetOpenAuth.Core.nuspec nuget/DotNetOpenAuth.InfoCard.UI.nuspec nuget/DotNetOpenAuth.InfoCard.nuspec nuget/DotNetOpenAuth.OAuth.Common.nuspec nuget/DotNetOpenAuth.OAuth.Consumer.nuspec nuget/DotNetOpenAuth.OAuth.ServiceProvider.nuspec nuget/DotNetOpenAuth.OAuth.nuspec nuget/DotNetOpenAuth.OAuth2.AuthorizationServer.nuspec nuget/DotNetOpenAuth.OAuth2.Client.UI.nuspec nuget/DotNetOpenAuth.OAuth2.Client.nuspec nuget/DotNetOpenAuth.OAuth2.ResourceServer.nuspec nuget/DotNetOpenAuth.OAuth2.nuspec nuget/DotNetOpenAuth.OpenId.Provider.UI.nuspec nuget/DotNetOpenAuth.OpenId.Provider.nuspec nuget/DotNetOpenAuth.OpenId.RelyingParty.UI.nuspec nuget/DotNetOpenAuth.OpenId.RelyingParty.nuspec nuget/DotNetOpenAuth.OpenId.UI.nuspec nuget/DotNetOpenAuth.OpenId.nuspec nuget/DotNetOpenAuth.OpenIdInfoCard.UI.nuspec nuget/DotNetOpenAuth.OpenIdOAuth.nuspec nuget/nuget.proj src/version.txt
| * Configure OpenId clients to use dumb mode. Add an overload of ↵Microsoft2012-04-302-6/+49
| | | | | | | | VerifyAuthentication to OpenAuthSecurityManager to accept a return url.
| * Incremented version to 4.0.3.Andrew Arnott2012-04-281-2/+2
| |
| * Make changes to OAuth and OpenID to allow web-farm scenario.Microsoft2012-04-277-7/+184
| |
| * Fixes thread-safety in MessageDescriptionCollection class.Andrew Arnott2012-04-271-5/+17
| | | | | | | | Fixes #130
| * Fixes OpenIdRelyingParty so it truly operates in stateless mode when null is ↵Andrew Arnott2012-04-271-8/+5
| | | | | | | | | | | | passed into the constructor. Fixes #129
* | Moved some JSON serialization logic to MessagingUtilities and added a unit test.Andrew Arnott2012-04-287-18/+124
| |
* | The convenient compression/decompression API now offers both gzip and deflate.Andrew Arnott2012-04-281-6/+58
| | | | | | | | Towards #127: "support for JWT access tokens"
* | Added a base64web encoder for byte[] typed message parts.Andrew Arnott2012-04-282-0/+38
| |
* | Authorization Server hosts now instantiate their own AccessTokens rather ↵Andrew Arnott2012-04-2519-218/+201
| | | | | | | | | | | | | | than just parameters. AccessTokens are now serialized via a virtual method on that instance. Fixes #38, I think.
* | Moved IAuthorizationServerHost interface into the auth server project.Andrew Arnott2012-04-243-1/+1
| |
* | Fixed C# warnings.Andrew Arnott2012-04-231-3/+3
| |
* | Fixed build breaks when targeting .NET 3.5.Andrew Arnott2012-04-234-7/+7
| |
* | Anonymous clients can now exchange resource owner credentials for refresh ↵Andrew Arnott2012-04-225-24/+44
| | | | | | | | | | | | | | | | and access tokens. (authenticated clients already could). Fixes #100
* | Removed old FxCop suppression attributes.Andrew Arnott2012-04-222-5/+0
| |
* | Fixed Stylecop messages.Andrew Arnott2012-04-221-0/+1
| |
* | Fixes access denial errors from OAuth 2 resource servers so they include the ↵Andrew Arnott2012-04-2224-136/+435
| | | | | | | | | | | | required parameters in their WWW-Authenticate headers. Fixes #124
* | Replaces ResourceServer.VerifyAccess with a better pattern for error handling.Andrew Arnott2012-04-214-53/+124
| | | | | | | | Fixes #122
* | Merge branch 'v4.0'Andrew Arnott2012-04-213-1/+5
|\ \ | |/
| * Removed unimplemented Exception.GetObjectData override methods.Andrew Arnott2012-04-212-0/+4
| | | | | | | | | | | | They weren't implemented anyway, and seem to be causing trouble with certain CLR 4 hosters (like Rackspace). Fixes #121
| * Fix for VerificationException that occurs on some machines.Andrew Arnott2012-04-101-1/+1
| | | | | | | | Fixes #112
* | Fixed StyleCop message.Andrew Arnott2012-04-201-0/+3
| |
* | Fixed several failing unit tests due to their non-support for network ↵Andrew Arnott2012-04-201-1/+1
| | | | | | | | credential simulations.
* | Fixed HTTP Basic authentication for OAuth 2 clients so that it actually ↵Andrew Arnott2012-04-1924-34/+281
| | | | | | | | works in the sample.
* | Fixed up the configuration story for OAuth 2.Andrew Arnott2012-04-1821-263/+219
| |
* | Renamed a client credential applicator.Andrew Arnott2012-04-182-6/+6
| |
* | StyleCop cleanup, and reversal of some code changes that were no longer ↵Andrew Arnott2012-04-1824-126/+272
| | | | | | | | necessary.
* | We have HTTP Basic client authentication working now in OAuth 2.Andrew Arnott2012-04-1841-57/+933
| |
* | Added a bit more logging.Andrew Arnott2012-04-161-0/+1
| |
* | Added logging for why crypto keys are created.Andrew Arnott2012-04-161-0/+6
| |
* | Authorization server hosts may now provide canonical usernames for the ↵Andrew Arnott2012-04-163-4/+17
| | | | | | | | | | | | resource owner given correct resource owner credentials. Fixes #103
* | Authorization servers now gain insight into the calling client when ↵Andrew Arnott2012-04-153-8/+17
| | | | | | | | | | | | validating resource owner credential grant type requests. Fixes #101
* | Fixed nightly build to include the deployable archives for docs and samples.Andrew Arnott2012-04-152-107/+16
| | | | | | | | Also fixed up some build breaks that can occur when building certain project targets with explicit TFV properties, which seemed related to the problem.
* | Trimmed off xml doc comment.Andrew Arnott2012-04-141-1/+0
| |
* | Enables the authorization server to store arbitrary additional claims with ↵Andrew Arnott2012-04-142-0/+8
| | | | | | | | | | | | the access token. Fixes #107
* | Fixed build break in TestWeb site.Andrew Arnott2012-04-101-1/+1
| |
* | Hopefully fixed the P2P errors we get from the "web sites" in the solution ↵Andrew Arnott2012-04-081-2/+2
| | | | | | | | on incremental builds.
* | Added a public constructor to ClaimsResponse.Andrew Arnott2012-04-089-23/+47
| | | | | | | | | | | | Also made the probable type URIs that it accepts public and easily discoverable. Fixes #116
* | Added the "beta" prerelease version info to master branch.Andrew Arnott2012-04-081-1/+1
| |
* | Renamed IAuthorizationServer to IAuthorizationServerHost.Andrew Arnott2012-04-0813-30/+30
| | | | | | | | To avoid confusion with the concrete class AuthorizationServer.
* | Merge branch 'v4.0'Andrew Arnott2012-04-081-1/+1
|\ \ | |/ | | | | | | Conflicts: src/version.txt
| * Incremented version for v4.0.2.Andrew Arnott2012-04-061-2/+2
| |
* | Merge branch 'v4.0'Andrew Arnott2012-04-051-1/+11
|\ \ | |/
| * Fixes embedded web resources in the unified assembly.Andrew Arnott2012-04-051-1/+11
| | | | | | | | | | | | The modified parameters passed to ILMerge causes the assembly WebResourceAttribute attributes to be included in the final assembly rather than omitted. Fixes #114
| * Reverts v4.0 branch back to VS2010, and samples target .NET 3.5, and MVC ↵Andrew Arnott2012-04-051-334/+330
| | | | | | | | | | | | samples are MVC 2. The "upgrade" had introduced a lot of issues, such as broken project templates, broken MVC 3/4 story, etc. and wasn't fitting the stabilization that the v4.0 branch needs.
* | Merge branch 'v4.0'Andrew Arnott2012-04-0561-251/+378
|\ \ | |/ | | | | | | | | | | Conflicts: src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj src/DotNetOpenAuth.OAuth2.ResourceServer/DotNetOpenAuth.OAuth2.ResourceServer.csproj src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
| * Fixed peverify errors in unified assembly due to two resources sharing a ↵Andrew Arnott2012-04-059-25/+25
| | | | | | | | | | | | common manifest name. Related to #112 which reported peverify errors, but this is very unlikely to fix the VerificationException.
| * Fixes NullReferenceException in UriIdentifier.Initialize on mono.Andrew Arnott2012-04-051-1/+4
| | | | | | | | | | | | Thanks to merarischroeder (https://github.com/merarischroeder) for reporting this issue and prescribing the fix. Fixes #111
| * Fixes InvalidCastExceptions for Identifier and Realm conversionsAndrew Arnott2012-04-059-82/+206
| | | | | | | | | | | | | | | | that can result from receiving a message before the static constructors for those types have executed. This corrects the regression introduced in v4.0.0. Fixes #109
| * Replaced a bunch of TestCase attribute usages with simply Test.Andrew Arnott2012-04-0442-139/+139
| |
* | Fixed C# warning.Andrew Arnott2012-04-041-1/+1
| |
* | Added tests to assert serializability of provider requests.Andrew Arnott2012-04-032-0/+47
| |
* | InfoCard RP sample now targets .NET 4.0Andrew Arnott2012-04-021-1/+1
| |
* | Moved code to calculate a web root into DNOA.Core.Andrew Arnott2012-04-022-5/+14
| |
* | Fixed InfoCard audience validation check failure when the RP targets .NET 4.0.Andrew Arnott2012-04-021-0/+4
| |
* | Migrate all samples to target .NET 4.0 and use IIS Express (where available).Andrew Arnott2012-04-021-1/+1
| | | | | | | | | | | | InfoCardRelyingParty sample left out because it seems to cause input validation trouble. Fixes #108
* | AccessToken is now a public class.Andrew Arnott2012-04-0110-60/+96
| | | | | | | | | | | | | | | | | | | | | | Resource Servers can now handle access tokens that are issued for a client's data (not a 3rd party resource owner's). Client Identifiers are no longer included in access tokens for unauthenticated clients. More work needed on IAccessTokenAnalyzer and the access token formatter. We need to generalize the serialization itself so folks can use JWT, etc. We also still need access token to have a host-defined map of claims. Fixes #104 Fixes #102
* | Fixed missing username and lifetime in implicit access tokens.Andrew Arnott2012-04-011-1/+2
| |
* | Avoided C# warning message.Andrew Arnott2012-04-011-0/+1
| |
* | Fixed typo.Andrew Arnott2012-04-012-3/+3
| |
* | Fixed StyleCop message.Andrew Arnott2012-04-011-1/+0
| |
* | Simplified ClientDescription class and made it more flexible at the sameAndrew Arnott2012-04-012-18/+11
| | | | | | | | time.
* | Allows the authorization server to store merely the hashes of client secrets.Andrew Arnott2012-04-015-60/+110
| | | | | | | | Fixes #92
* | Fixed inclusion of refresh token based on host policy.Andrew Arnott2012-04-011-2/+1
| |
* | Corrected old name of nonce store property.Andrew Arnott2012-04-012-3/+3
| |
* | Fixed location of a project within its solution folder.Andrew Arnott2012-03-311-0/+1
| |
* | Moved localizable strings into specific OAuth 2 assemblies.Andrew Arnott2012-03-3114-96/+84
| |
* | Fixed bad project references in web sites.Andrew Arnott2012-03-311-2/+2
| |
* | Removed another auth server binding element.Andrew Arnott2012-03-314-102/+29
| |
* | Fixes StyleCop issue.Andrew Arnott2012-03-311-1/+1
| |
* | Moved access token signing key to the parameters object.Andrew Arnott2012-03-313-27/+19
| | | | | | | | | | | | This also presumably solves the threading concerns of sharing one instance. Fixes #34
* | Fixed a couple of failing unit tests.Andrew Arnott2012-03-311-1/+1
| |
* | Merge branch 'dev11' into v4.0Andrew Arnott2012-03-311-336/+315
|\ \ | | | | | | | | | | | | Conflicts: src/DotNetOpenAuth.sln
| * \ Merge branch 'v4.0'Andrew Arnott2012-03-311-333/+334
| |\ \ | | |/
| | * Repaired sln file from Dev11 beta bugs.Andrew Arnott2012-03-301-40/+0
| | |
| | * Merged v4.0Andrew Arnott2012-03-303-120/+64
| | |\
generated by cgit v1.1 at 2025-06-02 15:48:15 +0000