We ran into a client that blindly takes the value of token_type, which
is lowercase "bearer", and passes that back in the Authorization header.
In an earlier PR #99 there seemed to be some support for this change to
simply accept "bearer" in addition to "Bearer".
* 'develop' of github.com:juanifioren/django-oidc-provider:
Update changelog.rst
include request in password grant authenticate call
Update setup.py
Update changelog.rst
Update changelog.rst
Adjust import order and method order in introspection tests
Replace resource with client in docs.
Update settings docs to add extra introspection setting
Update README.md
Update README.md
Remove the Resource model
Skip csrf protection on introspection endpoint
Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662
Test docs with tox.
Remove Django 1.7 for travis.
Drop support for Django 1.7.
Move extract_client_auth to oauth2 utils.
Remove duplicate link in docs.
Bump version v0.6.0.
Fix BaseCodeTokenModel and user attr.
Update README.md
Edit README and contribute doc.
Edit changelog.
Update changelog.rst
Add protected_resource_view test using client_credentials.
Fix docs.
Improve docs.
Client credentials implementation.
Move changelog into docs.
Update README.md
Update CHANGELOG.md
Fixed infinite callback loop in check-session iframe
Fix PEP8. New migration.
Update example project.
Fix PEP8.
Fix PEP8.
PEP8 errors and urls.
PEP8 models.
Fix contribute docs.
Fix tox for checking PEP8 all files.
Update README.md
Update README.md
Simplify test suit.
Update CHANGELOG.md
Bump version 0.5.3.
Update installation.rst
Update CHANGELOG.md
Fixed wrong Object in Template
Update project to support Django 2.0
Now passing along the token to create_id_token function.
Made token and token_refresh endpoint return requested claims.
Sphinx documentation fixes (#219)
Use request.user.is_authenticated as a bool with recent Django (#216)
Fixed client id retrieval when aud is a list of str. (#210)
Add owner field to Client (#211)
Update CHANGELOG
removed tab char
Add pep8 compliance and checker
Bump version
Update CHANGELOG.md
Preparing v0.5.2 (#201)
Fix Django 2.0 deprecation warnings (#185)
Fix infinite login loop if "prompt=login" (#198)
fixed typos
Bump version
Fix scope handling of token endpoint (#193)
Fixes#192
Use stored user consent for public clients too (#189)
Redirect URIs must match exactly. (#191)
Bug #187 prompt handling (#188)
Don't pin exact versions in install_requires.
The ID token processing hook might want to add claims to the ID token
conditionally based on the scope parameter. Therefore it would be very
useful to provide the scope parameter to the processing hook.
* Test redirect_uri construction
This was a test marked as TODO.
* Remove duplicate test
* Add tests to exactly match redirect URIs
* Redirect URIs must match exactly.
To quote from the specification at
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest:
Redirection URI to which the response will be sent. This URI MUST
exactly match one of the Redirection URI values for the Client
pre-registered at the OpenID Provider, with the matching performed as
described in Section 6.2.1 of [RFC3986] (Simple String Comparison).
* Log create_uri_response exceptions to logger.exception
* Support grant type password - basics
* Add tests for Resource Owner Password Credentials Flow
* Password Grant -Response according to specification
* Better tests for errors, disable grant type password by default
* Add documentation for grant type password
* User authentication failure to return 403
* Add id_token to response
* skipping consent only works for confidential clients
* fix URI fragment
example not working URL `http://localhost:8100/#/auth/callback/`
* OIDC_POST_END_SESSION_HOOK + tests
* Explicit function naming
* Remove print statements
* No need for semicolons, this is Python
* Update CHANGELOG.md
* fixed logger message
* Improved `exp` value calculation
* rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK
* added docs for OIDC_AFTER_END_SESSION_HOOK
* Replaces `LOGIN_URL` with `OIDC_LOGIN_URL`
so users can use a different login path for their oidc requests.
* Adds a setting variable for custom template paths
* Updates documentation
* Fixed bad try/except/finally block
* Adds test for OIDC_TEMPLATES settings
* Determine value for op_browser_state from session_key or default
* Do not use cookie for browser_state. It may not yet be there
* Add docs on new setting
OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY
* Fix compatibility for older versions of Django
* solved merging typo for missing @property
Use `time.time()` rather than `timezone.now()` for generating the unix
timestamps. This avoids conversion between year-month-day-hh-mm-ss
formatted timestamp vs. unix timestamp and is therefore simpler and more
robust.
Add a test case for this too and amend test_token_endpoint, since it
used to mock timezone.now, but now it needs to mock time.time.