"token_type" is required on access token response #32
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As defined on final standard "token_type" is required on Access Token Response. Libraries like AFNetwokring expect token_type to be defined as Bearer if access_token is passed as plain. http://tools.ietf.org/html/rfc6749#section-4.2.2
|
Yes. You are correct. This is a bug and needs to be fixed. I'll pull in your changes and see if I can get this merged ASAP. |
ysavary
pushed a commit
to epyx-src/django-oauth2-provider
that referenced
this pull request
Nov 20, 2014
* master: (29 commits) caffeinehit#56 - Uncomment an assertion in scope tests. It was commented out whilst adding support for Django 1.6. Fix get_access_token failing on single tracker mode after token refresh (caffeinehit#70). Removing django 1.3 from tox and travis-ci matrices since it's no longer officially supported. Fixing silly bug in test wrapper's django version detection. caffeinehit#55 - Update travis-ci config to include Django 1.6. Django 1.6 detection for test wrapper script. caffeinehit#55 - Removing another unnecessary import. caffeinehit#55 - Removing unnecessary imports. caffeinehit#55 Adding Django 1.6 to tox coverage matrix. caffeinehit#55 - Fallback to simplejson in older versions of Django. Fixes caffeinehit#55 - Handle non-list/non-tuple form field values for scope introduced in Django 1.6 caffeinehit#51 caffeinehit#53 - Support for model serialization/deserialization. This addresses the issues in Django 1.6 involving new session storage backend behavior. Fix caffeinehit#26 by checking for invalid data before attempting access. Use `constants` instead of going directly through settings when invalidating tokens and grants. This also replaces 'clean' with 'delete' for the new setting to be more clear as to what's being done under the hood. implement OAUTH_CLEAN_EXPIRED, clean as you go Adding a License section to README. Fixes caffeinehit#32 - Add `token_type` to access token response to conform to section 4.2.2 of the OAuth 2.0 specification. caffeinehit#29 - Remove trailing slash that was causing installs to fail on Windows. Addressing caffeinehit#28 by replacing the BSD license reference with MIT to match what's in the repo. Bumping version to 0.2.7-dev to avoid ambiguity in an established package. ... Conflicts: provider/__init__.py provider/oauth2/views.py
joestump
pushed a commit
to sprintly/django-oauth2-provider
that referenced
this pull request
Jan 18, 2017
…-update Updated the default scopes of the client credentials grant
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As defined on final standard "token_type" is required on Access Token
Response. Libraries like AFNetwokring expect token_type to be defined as
Bearer if access_token is passed as plain.
http://tools.ietf.org/html/rfc6749#section-4.2.2
As this lib uses bearer token type it can be hardcoded.