Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow public clients to authenticate without client_secret #1031

Merged
merged 1 commit into from Mar 14, 2018
Merged

Allow public clients to authenticate without client_secret #1031

merged 1 commit into from Mar 14, 2018

Commits on Mar 11, 2018

  1. Allow public clients to authenticate without client_secret 

    Add Application#confidential

Add dummy migration for Application#confidential

Because Dummy app is now Rails 5.1, the old migrations' ancestor class needed to be explicitly the 4.2 variety.

Expose app confidentiality in views & controllers

Allow public applications to be found if secret is blank

Don't use #client_via_uid fallback on Password strategy

Since credentials will only contain UID when a public application is calling, the fallback method of finding by UID alone is dead code. Private apps are not allowed to be identified by UID alone.
    Justin Bull committed Mar 11, 2018
    Copy the full SHA
    de4618c View commit details
    Browse the repository at this point in the history