- Sep 01, 2022
-
-
Bojan Bogdanovic authored
-
- Aug 30, 2022
-
-
Bojan Bogdanovic authored
-
- Jul 29, 2022
-
-
Bojan Bogdanovic authored
-
- Jul 25, 2022
-
-
Bojan Bogdanovic authored
Issue #3095250: Public and private key generation should add .htaccess to provided folder where keys are generated
-
- Jul 22, 2022
-
-
Bojan Bogdanovic authored
-
- Jul 21, 2022
-
-
Bojan Bogdanovic authored
-
- Jul 19, 2022
-
-
-
Bojan Bogdanovic authored
-
- Jun 17, 2022
-
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
-
- May 30, 2022
-
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
Issue #3263631: Create dedicated authorization server service and implement new (scope/consumer) data model
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
-
- May 03, 2022
-
-
Bojan Bogdanovic authored
• Added possiblity to retrieve all referenced scopes via the OAuth2 Scope reference field type • Updated tests with new scope data model
-
Bojan Bogdanovic authored
Moved PKCE to the authorization_code form details element and removed enforcing PKCE, it should be optional; https://datatracker.ietf.org/doc/html/rfc7636#section-5.
-
Bojan Bogdanovic authored
• Migrated settings to the consumer entity; so that there is more flexiblity. • Removed the “use_implicit” setting; it’s no longer recommended by the OAuth2 spec. • Added hook_updates for installing/updating/removing BaseFields on the “consumer” and “oauth2_token” entity. • Disabled translation on BaseFields that should not be translatable on the “consumer” entity. • Introduced custom field type for referencing to OAuth2 scopes; it can reference to static or dynamic scopes dependent on the active scope provider. • Introduced custom validation constraint for the “Redirects” BaseField and using string as field type; the uri field type does not support custom URL schemes, this is the reason why string is used as field type. The validation constraint allows more than scoped in the issue, because local domains can differ alot. • Added custom validation constraint for the “oauth2_scope_reference” field type; so that non-existing scopes can’t be referenced. • The “third_party” BaseField is defined on in the consumers module; leaving it for now. • Enforcing PKCE when client is public and Authorisation Code grant type is active. • Vertical tabs don’t work properly yet with states, wrote todo to pickup it up when the following issue gets fixed: https://www.drupal.org/project/drupal/issues/1148950. • Made “scope_provider” setting disabled when there are scopes referenced in consumers. • Removed “ContainerFactoryPluginInterface” from the “Oauth2GrantBase”; not all plugins need dependency injection. • Removed Oauth2Grant plugins (and associated tests) that are no longer recommended; this way they can’t be selected anymore from the consumer entity or dynamic/static scope, this related to issue: #3261247.
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
• Renamed scope property label; name is more descriptive (e.g: loadByName makes more sense) • Generating OAuth2 Scope entity id as machine name • Added laod possiblities by name, multiple by name and parent • Added dedicated interface for the OAuth2 scope provider • Added possibility to retrieve a flatten permission tree by providing a scope object • Removed redundant label property from the OAuth2 scope plugin definition; it is not possible to create plugin instances by a property, thus plugin id is now acting as scope id and name • Removed derivative possiblity on the OAuth2 scope plugins; it was conflicting with scope names with colon usage • Made OAuth2 scope description property required; this description is now also being used as fallback when there is no grant type description
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
Updated parent options form element, removed pagination from scope plugin overview and updated interfaces
-
Bojan Bogdanovic authored
-
Bojan Bogdanovic authored
• Implementing static scopes via Plugin YAML discovery. • Implementing dynamic scopes via Config entity. • Introduced scope provider service; which is leveraging the adapter design pattern. The service instantiated via a factory; due the fact that the instantiation is dependent on config settings. • Added scope provider setting. • Added dedicated overview pages per scope provider. • Added controller for the static scope view operation. • Moved "Oauth2GenerateKeyForm" and "Oauth2TokenSettingsForm" from Entity namespace/dir, these forms are not related to the Entity. • Moved "AccessTokenAccessControlHandler" and "Oauth2TokenListBuilder" to "src/Entity/Access"; this is a more fitting place for these files/classes. • Removed redundant "_admin_route" and "base_route" option in the routing, because routes that start with "/admin" will by default have the option "_admin_route" set to TRUE and "base_route" is not applicable in the routing.yml. • Moved token entity routes under the "oauth2_token" namespace, we have now multiple entities and they should be structered. • Added custom menu link to show the active scope provider in the menu. • Added dedicated scope permissions. • Added Unit/Kernel tests for the scope: entity, plugin, plugin manager, provider.
-
- Apr 26, 2022
-
-
Brad Jones authored
-
- Jan 19, 2022
-
-
Brad Jones authored
-
Brad Jones authored
-
- Jan 05, 2022
-
-
Brad Jones authored
-
- Jan 03, 2022
-
-
-
Brad Jones authored
-
- Dec 22, 2021
-
-
- Dec 21, 2021
-
-
Brad Jones authored
Issue #3230707 by bradjones1, mrweiner, Taran2L, e0ipso, bucefal91: 5.x broken on php 8 due to incompatibility with lcobucci/jwt v4 via league/oauth2-server ^8.2
-
Brad Jones authored
Issue #3173947 by bradjones1, paul121, simonboy, rudolfbyker: Cannot authorize non-confidential clients
-
- Sep 19, 2021
-
-
Issue #3163965 by Berdir, segi, ayalon: Trying to get property 'value' of non-object in Oauth2GrantManager->getAuthorizationServer()
- May 02, 2021
-
-
Mateu Aguiló Bosch authored
Issue #3116782 by e0ipso, eojthebrave, stefan.korn, rkoller, Pasqualle, matt_paz: Fields added to consumer entity shown in wrong order in UI
-
- Dec 08, 2020
-
-
Brad Jones authored
-
- Sep 27, 2020