* Test redirect_uri construction
This was a test marked as TODO.
* Remove duplicate test
* Add tests to exactly match redirect URIs
* Redirect URIs must match exactly.
To quote from the specification at
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest:
Redirection URI to which the response will be sent. This URI MUST
exactly match one of the Redirection URI values for the Client
pre-registered at the OpenID Provider, with the matching performed as
described in Section 6.2.1 of [RFC3986] (Simple String Comparison).
* Log create_uri_response exceptions to logger.exception
* Support grant type password - basics
* Add tests for Resource Owner Password Credentials Flow
* Password Grant -Response according to specification
* Better tests for errors, disable grant type password by default
* Add documentation for grant type password
* User authentication failure to return 403
* Add id_token to response
* skipping consent only works for confidential clients
* fix URI fragment
example not working URL `http://localhost:8100/#/auth/callback/`
* OIDC_POST_END_SESSION_HOOK + tests
* Explicit function naming
* Remove print statements
* No need for semicolons, this is Python
* Update CHANGELOG.md
* fixed logger message
* Improved `exp` value calculation
* rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK
* added docs for OIDC_AFTER_END_SESSION_HOOK
* Replaces `LOGIN_URL` with `OIDC_LOGIN_URL`
so users can use a different login path for their oidc requests.
* Adds a setting variable for custom template paths
* Updates documentation
* Fixed bad try/except/finally block
* Adds test for OIDC_TEMPLATES settings
* Determine value for op_browser_state from session_key or default
* Do not use cookie for browser_state. It may not yet be there
* Add docs on new setting
OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY
* Fix compatibility for older versions of Django
* solved merging typo for missing @property
Use `time.time()` rather than `timezone.now()` for generating the unix
timestamps. This avoids conversion between year-month-day-hh-mm-ss
formatted timestamp vs. unix timestamp and is therefore simpler and more
robust.
Add a test case for this too and amend test_token_endpoint, since it
used to mock timezone.now, but now it needs to mock time.time.
There have been some issues in Python 3 where elements of the id_token
were left when encoding the token. Cause was incorrect encoding logic in
pyjwkest. Version 1.0.3 has improved encoding handling.
Make iat_time, exp_time, auth_time an integer, not a float. The spec
does not explicitly forbit float times, but some clients don't accept
this (mod_auth_openidc), and `timetuple()` has second precision anyway
so we don't loose any information.
