forked from SelfHacked/django-oidc-provider
Task/update from main library #2
Merged
Since `_()` is evaluated at import time the translation would always be the default translation of the Django installation as of process startup time. With `ugettext_lazy` evaluation is delayed until the translated strings are forced to strings in the template, so the current language of the request will be used.
Co-authored-by: Eirik Martiniussen Sylliaas <eirik@sylliaas.no>
Co-authored-by: Stefan Foulis <stefan@foulis.ch>
Fix example in docs for translatable scopes
…e-models Add OIDC_CLIENT_MODEL setting to enable client model swapping (rebased)
support Django 2.1 in an example project
Consistently use the *_endpoint_class pattern on AuthorizeView, TokenView and TokenInstrospectionView.
Add .coverage* to .gitignore
…nt-view-endpoint-class Consistently use endpoint class set on views
This means we don't need to specify the Tox environments in two places anymore.
…e/swappable-models Revert "Add OIDC_CLIENT_MODEL setting to enable client model swapping (rebased)"
…l-scope-support Extended scope support for grant_type=client_credentials and password
Update Travis CI matrix
This enables subclasses to customize the token and code creation.
If oidc provider is used in a multi database setup it may not be used on the default database alone. And when used in a database mirror setup the migration could be executed on a different db alias/transaction. This can cause migration failures because the ResponseType table is created on the database passed to the migrate command while the data is inserted in the database returned from the database router. Depending on the configuration the ResponseType table may not exist for that database yet or the ResponseType data was already migrated resulting in a DatabaseError and IntegrityError respectively.
Before this change the PKCE secret would be verified only if it was sent by the client. This defeats the point of PKCE as a malicious actor which intercepted the code returned from the authorization endpoint would be able to send a request to the token endpoint without the code_verifier. This only affects public clients and is subject to the preconditions described by: https://tools.ietf.org/html/rfc7636#section-1
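The PKCE check described in the commit message above, as an added example that is not code from this pull request or from django-oidc-provider: it puts the "verify only if sent" behaviour beside a form where the challenge stored with the authorization code decides whether a `code_verifier` is required. The function names and the dictionary layout of the stored code are hypothetical; the sample verifier and challenge are the RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import hmac

# RFC 7636 Appendix B test vector, used here as sample input.
VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def s256_challenge(code_verifier):
    """BASE64URL(SHA256(verifier)) without padding (RFC 7636, section 4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def _matches(code, code_verifier):
    """Compare the presented verifier with the challenge stored on the code."""
    try:
        if code["code_challenge_method"] == "S256":
            candidate = s256_challenge(code_verifier)
        else:  # "plain": the challenge is the verifier itself
            candidate = code_verifier
        return hmac.compare_digest(candidate.encode("ascii"),
                                   code["code_challenge"].encode("ascii"))
    except UnicodeEncodeError:
        return False  # verifiers are restricted to unreserved ASCII characters


def check_only_if_sent(code, params):
    """Behaviour before the change: a missing code_verifier skips the check."""
    verifier = params.get("code_verifier")
    if verifier:
        return _matches(code, verifier)
    return True


def check_required_by_challenge(code, params):
    """Hardened form: the stored challenge, not the request, decides."""
    if not code.get("code_challenge"):
        return True  # the authorization request did not use PKCE
    verifier = params.get("code_verifier")
    return bool(verifier) and _matches(code, verifier)


# Hypothetical stored authorization code issued to a public client with PKCE.
STORED_CODE = {"code_challenge": CHALLENGE, "code_challenge_method": "S256"}
```

A regression test for this class of bug should always include the token request with no `code_verifier` at all, since that is the case the conditional check lets through.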
No description provided.