b9ac258870
Strict controllers
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-07 13:43:22 +01:00
674930da7f
Move ExpiredTokenException to the correct namespace
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 19:30:45 +01:00
75456b057d
Reset bruteforce on token refresh OAuth
...
When using atoken obtained via OAuth the token expires. Resulting in
brute force attempts hitting the requesting IP.
This resets the brute force attempts for that UID on a valid refresh of
the token.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 11:21:27 +01:00
3556e78c25
The OAuth endpoint needs to support Basic Auth
...
* Add test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-29 15:17:54 +02:00
5a97148863
Don't use special chars to avoid confusion
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
f7ecec855b
Rotate token
...
On a refresh token request:
* rorate
* reset expire
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
c28b25c4f0
Authenticate the clients on requesting a token
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
49795d2006
Set OAuth token expiration
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
88afd8b224
Cleanup code
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:08 +02:00
4b4d3bb1c2
It's a bearer
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:05 +02:00
5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Roeland Jago Douma
Lukas Reschke