|
cfe0f47d0f
|
Switch from PyJWT to python-jose, since it supports more features and has more documentation
|
2017-11-03 17:42:57 +11:00 |
|
|
179f5753ed
|
Implement a token endpoint - currently all tokens last forever and can't be revoked, but I can add revocation later without too much trouble
|
2017-11-03 17:18:00 +11:00 |
|
|
9add6be8e4
|
Remove the pointless verify_auth_code wrapper - it's easier to do the verification work in the view anyway
|
2017-11-03 16:40:09 +11:00 |
|
|
3d5b537369
|
Oops, forgot to put .objects after the model to get the actual manager
|
2017-11-03 16:19:26 +11:00 |
|
|
ab810a8f94
|
Simplify the auth code format a little: the 'me' value can be computed from the user ID and so is redundant
|
2017-11-03 16:14:30 +11:00 |
|
|
43a56e865e
|
Add the current user's ID to the auth code, will be handy when making a token since we need to know who the token's for
|
2017-11-03 15:51:27 +11:00 |
|
|
40810d6310
|
Refactor the actual JWT calls into separate functions since I'll be needing them for tokens as well as auth codes
|
2017-11-03 14:37:39 +11:00 |
|
|
6f6bb4e534
|
Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter
|
2017-11-03 14:33:27 +11:00 |
|
|
6b1cd896ea
|
Handle IndieAuth redirect URIs that already have query parameters
|
2017-11-03 12:14:15 +11:00 |
|
|
b658bf5c79
|
Default to form encoding rather than JSON, since legacy clients that don't support JSON usually also don't ask for a certain format
|
2017-11-03 11:51:34 +11:00 |
|
|
92cd38cbb0
|
Make relative redirect URIs redirect to the right place, by urljoining them with the client ID
|
2017-11-03 11:28:26 +11:00 |
|
|
1c09be1b1c
|
Switch from database-persisted auth codes to stateless JSON Web Tokens :)
|
2017-11-02 16:36:16 +11:00 |
|
|
41d490ea80
|
Put the shortcuts for returning 40* responses into lemoncurry.utils
|
2017-11-02 16:16:04 +11:00 |
|
|
06278935b6
|
Add support for selecting scopes during IndieAuth's 'code' type
|
2017-11-01 13:27:55 +11:00 |
|
|
387e7d859c
|
Smarter handling of IndieAuth code verification, including verifying the response type is correct
|
2017-11-01 10:56:49 +11:00 |
|
|
bfa7f68edc
|
Make POST /indie/auth return a 403 if parameters are missing, rather than a 500
|
2017-10-30 08:27:19 +11:00 |
|
|
e5d3af1b51
|
Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified
|
2017-10-29 19:15:29 +11:00 |
|
|
acce72e90e
|
Implement the auth-code verification step, producing a complete IndieAuth implementation for 'id' type (nothing for 'code' type yet tho)
|
2017-10-29 17:07:36 +11:00 |
|
|
8b4a14ffa3
|
On approving an IndieAuth request, actually generate an auth code and redirect
|
2017-10-29 16:16:27 +11:00 |
|
|
221d548e4a
|
Give better 'me' normalisation to IndieAuth processing + Aadd a simple POST route for actually submitting the form
|
2017-10-29 14:39:30 +11:00 |
|
|
e2e21f4afa
|
Make sure IndieAuth is agnostic to whether the 'me' parameter has a trailing slash or not
|
2017-10-27 22:03:25 +11:00 |
|
|
5690e4bfab
|
Add some niiiice h-x-app rendering to the authorisation page, so you can get a pretty view of who's trying to auth
|
2017-10-27 21:32:14 +11:00 |
|
|
a14d31e9d3
|
Improve the IndieAuth form: include the state parameter, show more information, etc.
|
2017-10-27 13:26:21 +11:00 |
|
|
93be2f5a32
|
Half-implement an IndieAuth authorization endpoint - it accepts the right parameters, verifies your client_id, and displays a prompt, but you can't actually approve the auth yet
|
2017-10-26 11:35:57 +11:00 |
|
|
d234fd942d
|
Refactor the login views into their own modules, because I'm about to implement IndieAuth and it's gonna be kinda big
|
2017-10-26 11:21:56 +11:00 |
|
|
0328ab97f6
|
Add support for ogp:url and the much nicer rel="canonical", as well as smarter title handling
|
2017-10-25 09:25:35 +11:00 |
|
|
7f17d50486
|
Enable django-otp-agents, for preserving OTP trust over time
|
2017-10-25 01:46:18 +11:00 |
|
|
3f3bb05a25
|
Add TOTP support with django-otp
|
2017-10-25 01:25:03 +11:00 |
|
|
492ba744fc
|
Adjust breadcrumb label for lemonauth:login to match other labels
|
2017-10-25 00:55:38 +11:00 |
|
|
9e2c6a6634
|
Mark login form fields as required
|
2017-10-25 00:30:44 +11:00 |
|
|
53fbc804bd
|
Whoops, use correct Bootstrap 4 classes to indicate invalid form fields
|
2017-10-25 00:30:09 +11:00 |
|
|
84a34c89e7
|
Enable breadcrumb support, use it on the login view
|
2017-10-25 00:25:41 +11:00 |
|
|
c210650ca7
|
Switch from using the admin login/logout pages to custom 'lemonauth' pages
|
2017-10-24 23:50:57 +11:00 |
|