Skip to content

/ bananas-api

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: change the login flow to an OAuth2 PKCE flow #15

Merged
merged 5 commits into from Apr 19, 2020
Merged

Fix: change the login flow to an OAuth2 PKCE flow #15

merged 5 commits into from Apr 19, 2020

Conversation

@TrueBrain
Copy link
Member

TrueBrain commented Apr 19, 2020

This avoids other websites being able to steal API tokens and
modify any content on the API, without the user knowing.
@TrueBrain TrueBrain force-pushed the TrueBrain:oauth_flow branch from dd70704 to 3328cc8 Apr 19, 2020
@frosch123
frosch123 reviewed Apr 19, 2020
View changes
bananas_api/helpers/web_routes.py Outdated Show resolved Hide resolved
bananas_api/helpers/web_routes.py Show resolved Hide resolved
@TrueBrain
Fix: change the login flow to an OAuth2 PKCE flow
Loading status checks…
2b9e143 
This avoids other websites being able to steal API tokens and
modify any content on the API, without the user knowing.
@TrueBrain TrueBrain force-pushed the TrueBrain:oauth_flow branch from 3328cc8 to 2b9e143 Apr 19, 2020
@TrueBrain
Add: validate client-id and redirect-uri during authentication
Loading status checks…
8959f0a 
If people want to register their application, they can make a
pull-request. This follows OAuth2 design, although we don't have
a dynamic portal to register your app, but it needs to be done
via a pull-request.
@TrueBrain TrueBrain force-pushed the TrueBrain:oauth_flow branch from 629a1d6 to 8959f0a Apr 19, 2020
@TrueBrain
Fix: reworked the developer login method; it now asks for a username
Loading status checks…
a43c546
@TrueBrain TrueBrain force-pushed the TrueBrain:oauth_flow branch from 90490aa to a43c546 Apr 19, 2020
@frosch123
frosch123 reviewed Apr 19, 2020
View changes
Copy link
Member

frosch123 left a comment

LGTM, but the bots are not happy.
bananas_api/helpers/web_routes.py Outdated Show resolved Hide resolved
TrueBrain added 2 commits Apr 19, 2020
@TrueBrain
Fix: typos and black/flake errors
Loading status checks…
4850896
@TrueBrain
Fix: update regression with new developer login-flow
Loading status checks…
b903c15
@frosch123
frosch123 approved these changes Apr 19, 2020
View changes
@TrueBrain TrueBrain merged commit 9ee4665 into OpenTTD:master Apr 19, 2020
5 checks passed
5 checks passed
Docker build
Details
Flake8
Details
Black
Details
Regression
Details
LGTM analysis: Python No new or fixed alerts
Details
@TrueBrain TrueBrain deleted the TrueBrain:oauth_flow branch Apr 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frosch123 frosch123

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
@TrueBrain @frosch123
You can’t perform that action at this time.