New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth provider #4

Merged
merged 18 commits into from Nov 3, 2018

Conversation

Projects
None yet
1 participant
@oestrich
Owner

oestrich commented Nov 2, 2018

This starts on an OAuth provider for the Gossip network. Grapevine will be a new way of authenticating against a game.

TODO:

  • authorization redirects need to be a proper https only URI
  • games should have a white list of allowed redirect uris, again valid https only
  • access tokens only generate for active authorizations
  • authorization code is valid once
  • handle client id not found, redirect back with an error
  • scopes
    • profile, basic profile information uid, username
    • email, upgraded profile to include email
  • re-authorize should clear previous tokens

New PR:

  • view active authorizations
    • deactivate them

oestrich added some commits Nov 2, 2018

Start of Grapevine's OAuth provider
- Uses gossip's games
- Creates authorizations, to be approved or denied
- Generates access tokens

@oestrich oestrich self-assigned this Nov 2, 2018

@oestrich oestrich merged commit ad9a655 into master Nov 3, 2018

@oestrich oestrich deleted the oauth branch Nov 3, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment