Commit Graph

11 Commits

Author SHA1 Message Date
Roeland Jago Douma b9ac258870
Strict controllers
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-07 13:43:22 +01:00
Roeland Jago Douma 674930da7f
Move ExpiredTokenException to the correct namespace
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 19:30:45 +01:00
Roeland Jago Douma 75456b057d
Reset bruteforce on token refresh OAuth
When using atoken obtained via OAuth the token expires. Resulting in
brute force attempts hitting the requesting IP.

This resets the brute force attempts for that UID on a valid refresh of
the token.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 11:21:27 +01:00
Roeland Jago Douma 3556e78c25
The OAuth endpoint needs to support Basic Auth
* Add test

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-29 15:17:54 +02:00
Roeland Jago Douma 5a97148863
Don't use special chars to avoid confusion
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
Roeland Jago Douma f7ecec855b
Rotate token
On a refresh token request:
* rorate
* reset expire

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
Roeland Jago Douma c28b25c4f0
Authenticate the clients on requesting a token
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
Roeland Jago Douma 49795d2006
Set OAuth token expiration
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
Lukas Reschke 88afd8b224
Cleanup code
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:08 +02:00
Lukas Reschke 4b4d3bb1c2
It's a bearer
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:05 +02:00
Lukas Reschke 5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00