Disallow token revocation for clients other than the one that requested it #225

Closed
aeneasr opened this issue Dec 4, 2017 · 0 comments

@aeneasr
Member

aeneasr commented Dec 4, 2017

No description provided.

@aeneasr aeneasr added the bug Something is not working. label Dec 4, 2017
@aeneasr aeneasr self-assigned this Dec 4, 2017
@aeneasr aeneasr closed this as completed in 83136a3 Dec 4, 2017
mgloystein added a commit to spotxchange/fosite that referenced this issue Jan 11, 2018
* handler/oauth2: set expiration time before the access token is generated (ory#216)

Signed-off-by: Nikita Vorobey <nikita@vorobey.by>

* token/hmac: replace custom logic with copypasta

* tests: replace nil checks with Error/NoError

* scripts: add format helper scripts

* all: format files with goimports

* travis: use go-acc and test format

* history: add 0.12.0 to TOC

* travis: update to go 1.9

* travis: add goimports to install section

* scripts: fix goimports import path

* vendor: replace glide with dep

* Add license header to all source files (ory#222)

Closes ory#221

Signed-off-by: aeneasr <aeneas.rekkas@serlo.org>

* travis: update go version (ory#220)

* handler/oauth2: Client IDs in revocation requests must match now (ory#226)

Closes ory#225

* Simplifies error contexts (ory#227)

Simplifies how errors are instantiated. Errors now contain all necessary information without relying on `fosite.ErrorToRFC6749Error` any more. `fosite.ErrorToRFC6749Error` is now an internal method and was renamed to `fosite.errorToRFC6749Error`.

* Exports ErrorToRFC6749Error again (ory#228)

* Makes use of rfcerr in access error endpoint writer explicit

* handler/oauth2: Improves authorization code error handling

* handler/oauth2: Adds token revocation on authorize code reuse

* internal: Updates mocks and mock generation

* oauth2: Allows client credentials in POST body and solves public client auth

Closes ory#231
Closes ory#217

* Improves error debug messages across the project

* Resolves test issues and reverts auth code revocation patch

* docs: Updates history.md

* Improves test coverage report by removing internal package from it

* Upgrades history.md

* token/jwt: Adds ability to specify acr value natively in id token payload

* Forces use of UTC time zone everywhere

* Adds ability to catch non-conform OIDC authorizations

Fosite is now capable of detecting authorization flows that
are not conformant with the OpenID Connect spec.

* Resolves overriding auth_time with wrong value

* Improves http error codes

* Returns the correct error on duplicate auth code use

* handler/oauth2: Adds offline_access alias for refresh flow

* Adds ability to forward hints and debug messages to clients (ory#242)

* compose: Makes SendDebugMessages first class citizen (ory#243)
mgloystein added a commit to spotxchange/fosite that referenced this issue Mar 27, 2018
budougumi0617 added a commit to budougumi0617/fosite that referenced this issue May 10, 2019