Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
Creation of a User object from the database resultset will mostly be
the same. This commit moves the repetitive code into a static method
that can be called wherever we need it.
This improves maintainability, since we only ever need to do an update
in one place now.
|
|
|
|
This reverts commit 0582565fa7db4b95e86fb0dde8d83e3170e566a7.
Adding the user roles to the token makes the token ridiculously
large. Rather than doing that, we'll use an endpoint on the auth
server to get the user roles and privileges instead.
|
|
|
|
|
|
These linting errors can't be rebased into the newer commits.
|
|
Register the RefreshTokenGrant with the server to enable refreshing of
the tokens.
|
|
|
|
Have each JWT token have a `jti` claim (JWT ID) to help with tracking
refreshes, and therefore validity of the JWTs.
If a refresh token is used more than once, then that refresh token,
and all its progeny/descendants are considered invalid, since that
token could have been stolen.
|
|
This shim enables us to have a refresh token with the JWT. This might
not be the way to refresh JWTs - this is because the
`authlib.oauth2.rfc7523.token.JWTBearerTokenGenerator.__call__(…)`
method has a comment that states:
# there is absolutely no refresh token in JWT format
Searching on the internet, however, seems to indicate that JWTs can be
used in conjunction with refresh tokens... We need to verify this and
fix this if necessary.
|
|
|
|
|
|
|
|
Authenticate with the usual authentication code flow.
Do not inherit AuthenticationCodeGrant in JWTBearerGrant, instead, use
the JWTBearerGrant to generate the token after the user has already
been successfully authenticated.
|
|
|
|
|
|
* gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py
(__query_authorization_code__): Rename the_code -> _code.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
This improves readability.
* gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py
(AuthorisationCodeGrant.save_authorization_code): Use keyword arguments.
* gn_auth/auth/authentication/oauth2/models/authorization_code.py
(authorisation_code): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
|
|
Change from gn3 to gn_auth
|
|
|