docs: Update RFC URLs to modern location (#1315)

README.rst

@@ -33,7 +33,7 @@ If you are facing one or more of the following:
 Django OAuth Toolkit can help you providing out of the box all the endpoints, data and logic needed to add OAuth2
 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent
 `OAuthLib <https://github.com/idan/oauthlib>`_, so that everything is
-`rfc-compliant <http://tools.ietf.org/html/rfc6749>`_.
+`rfc-compliant <https://rfc-editor.org/rfc/rfc6749.html>`_.
 
 Reporting security issues
 -------------------------

docs/getting_started.rst

@@ -416,7 +416,7 @@ Next step is :doc:`first tutorial <tutorial/tutorial_01>`.
 .. _Whitson Gordon: https://en.wikipedia.org/wiki/OAuth#cite_note-1
 .. _User: https://docs.djangoproject.com/en/3.0/ref/contrib/auth/#django.contrib.auth.models.User
 .. _Django documentation: https://docs.djangoproject.com/en/3.0/topics/auth/customizing/#using-a-custom-user-model-when-starting-a-project
-.. _RFC6749: https://tools.ietf.org/html/rfc6749#section-1.3
+.. _RFC6749: https://rfc-editor.org/rfc/rfc6749.html#section-1.3
 .. _Grant Types: https://oauth.net/2/grant-types/
 .. _URL: http://127.0.0.1:8000/o/authorize/?response_type=code&client_id=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8&redirect_uri=http://127.0.0.1:8000/noexist/callback
 

docs/index.rst

@@ -9,7 +9,7 @@ Welcome to Django OAuth Toolkit Documentation
 Django OAuth Toolkit can help you by providing, out of the box, all the endpoints, data, and logic needed to add OAuth2
 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent
 `OAuthLib <https://github.com/idan/oauthlib>`_, so that everything is
-`rfc-compliant <http://tools.ietf.org/html/rfc6749>`_.
+`rfc-compliant <https://rfc-editor.org/rfc/rfc6749.html>`_.
 
 See our :doc:`Changelog <changelog>` for information on updates.
 

docs/resource_server.rst

@@ -1,7 +1,7 @@
 Separate Resource Server
 ========================
 Django OAuth Toolkit allows to separate the :term:`Authorization Server` and the :term:`Resource Server`.
-Based on the `RFC 7662 <https://tools.ietf.org/html/rfc7662>`_ Django OAuth Toolkit provides
+Based on the `RFC 7662 <https://rfc-editor.org/rfc/rfc7662.html>`_ Django OAuth Toolkit provides
 a rfc-compliant introspection endpoint.
 As well the Django OAuth Toolkit allows to verify access tokens by the use of an introspection endpoint.
 

docs/rfc.py

@@ -4,7 +4,7 @@
 from docutils import nodes
 
 
-base_url = "http://tools.ietf.org/html/rfc6749"
+base_url = "https://rfc-editor.org/rfc/rfc6749.html"
 
 
 def rfclink(name, rawtext, text, lineno, inliner, options={}, content=[]):

docs/tutorial/tutorial_04.rst

@@ -9,7 +9,7 @@ Revoking a Token
 ----------------
 Be sure that you've granted a valid token. If you've hooked in `oauth-toolkit` into your `urls.py` as specified in :doc:`part 1 <tutorial_01>`, you'll have a URL at `/o/revoke_token`. By submitting the appropriate request to that URL, you can revoke a user's :term:`Access Token`.
 
-`Oauthlib <https://github.com/idan/oauthlib>`_ is compliant with https://tools.ietf.org/html/rfc7009, so as specified, the revocation request requires:
+`Oauthlib <https://github.com/idan/oauthlib>`_ is compliant with https://rfc-editor.org/rfc/rfc7009.html, so as specified, the revocation request requires:
 
 - token:  REQUIRED, this is the :term:`Access Token` you want to revoke
 - token_type_hint: OPTIONAL, designating either 'access_token' or 'refresh_token'.

oauth2_provider/generators.py

@@ -17,7 +17,7 @@ class ClientIdGenerator(BaseHashGenerator):
     def hash(self):
         """
         Generate a client_id for Basic Authentication scheme without colon char
-        as in http://tools.ietf.org/html/rfc2617#section-2
+        as in https://rfc-editor.org/rfc/rfc2617.html#section-2
         """
         return oauthlib_generate_client_id(length=40, chars=UNICODE_ASCII_CHARACTER_SET)
 

oauth2_provider/oauth2_validators.py

@@ -536,7 +536,7 @@ def save_bearer_token(self, token, request, *args, **kwargs):
         Save access and refresh token, If refresh token is issued, remove or
         reuse old refresh token as in rfc:`6`
 
-        @see: https://tools.ietf.org/html/draft-ietf-oauth-v2-31#page-43
+        @see: https://rfc-editor.org/rfc/rfc6749.html#section-6
         """
 
         if "scope" not in token:

oauth2_provider/views/introspect.py

@@ -13,7 +13,7 @@
 class IntrospectTokenView(ClientProtectedScopedResourceView):
     """
     Implements an endpoint for token introspection based
-    on RFC 7662 https://tools.ietf.org/html/rfc7662
+    on RFC 7662 https://rfc-editor.org/rfc/rfc7662.html
 
     To access this view the request must pass a OAuth2 Bearer Token
     which is allowed to access the scope `introspection`.

tests/test_authorization_code.py

@@ -483,7 +483,7 @@ def test_code_post_auth_redirection_uri_with_querystring(self):
         """
         Tests that a redirection uri with query string is allowed
         and query string is retained on redirection.
-        See http://tools.ietf.org/html/rfc6749#section-3.1.2
+        See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2
         """
         self.client.login(username="test_user", password="123456")
 

tests/test_hybrid.py

@@ -690,7 +690,7 @@ def test_code_post_auth_redirection_uri_with_querystring_code_token(self):
         """
         Tests that a redirection uri with query string is allowed
         and query string is retained on redirection.
-        See http://tools.ietf.org/html/rfc6749#section-3.1.2
+        See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2
         """
         self.client.login(username="hy_test_user", password="123456")
 
@@ -713,7 +713,7 @@ def test_code_post_auth_redirection_uri_with_querystring_code_id_token(self):
         """
         Tests that a redirection uri with query string is allowed
         and query string is retained on redirection.
-        See http://tools.ietf.org/html/rfc6749#section-3.1.2
+        See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2
         """
         self.client.login(username="hy_test_user", password="123456")
 
@@ -737,7 +737,7 @@ def test_code_post_auth_redirection_uri_with_querystring_code_id_token_token(sel
         """
         Tests that a redirection uri with query string is allowed
         and query string is retained on redirection.
-        See http://tools.ietf.org/html/rfc6749#section-3.1.2
+        See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2
         """
         self.client.login(username="hy_test_user", password="123456")
 

tests/test_implicit.py

@@ -205,7 +205,7 @@ def test_implicit_redirection_uri_with_querystring(self):
         """
         Tests that a redirection uri with query string is allowed
         and query string is retained on redirection.
-        See http://tools.ietf.org/html/rfc6749#section-3.1.2
+        See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2
         """
         self.client.login(username="test_user", password="123456")
 

tests/test_oauth2_validators.py

@@ -311,7 +311,7 @@ class TestOAuth2ValidatorProvidesErrorData(TransactionTestCase):
     """These test cases check that the recommended error codes are returned
     when token authentication fails.
 
-    RFC-6750: https://tools.ietf.org/html/rfc6750
+    RFC-6750: https://rfc-editor.org/rfc/rfc6750.html
 
     > If the protected resource request does not include authentication
     > credentials or does not contain an access token that enables access
@@ -331,7 +331,7 @@ class TestOAuth2ValidatorProvidesErrorData(TransactionTestCase):
     > attribute to provide the client with the reason why the access
     > request was declined.
 
-    See https://tools.ietf.org/html/rfc6750#section-3.1 for the allowed error
+    See https://rfc-editor.org/rfc/rfc6750.html#section-3.1 for the allowed error
     codes.
     """