| Age | Commit message (Collapse) | Author |
|---|
|
The `register-client` and `migrate-data` scopes are not supported for
end-user clients.
|
|
There are at times when a token's scope could be attenuated for
whatever reason from the full scope allowed to the application. In
those instances, it is necessary to use the token's scope rather than
the full scope.
|
|
|
|
In order to use JSON consistently across the board, we make even the
authentication method use JSON rather than FORMDATA.
|
|
* Fetch keys from auth server
* Validate token is signed with one of the keys from server
* Ensure refreshing of token is still synchronised
|
|
The application can be run in a multi-threaded server, leading to a
situation where the multiple threads attempt to get a new JWT using
the exact same refresh token.
This synchronises the various threads ensuring only a single thread is
able to retrieve the new JWT that all the rest of the threads then
use.
|
|
With the change to JWTs the time-to-live for each token is severely
curtailed to help with security in case of a token theft. We,
therefore, can no longer rely on the TTL for session expiration,
rather, we will rely of the token-refresh mechanism to expire a token
after a long while.
|
|
|
|
|
|
|
|
* gn2/wqflask/oauth2/client.py (oauth2_get): Add a jsonify_p key word
that defaults to False.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn2/wqflask/oauth2/client.py (no_token_post): "uri" does not exist.
Replace it with "uri_path."
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
|
|
Fetch configurations from the application, rather than from the
`gn2.utility.tools` module that does not get the updated values from
the secrets file.
|
|
|
|
We move all modules under a gn2 directory. This is important for
"correct" packaging and deployment as a Guix service.
|
