Commit Graph

23 Commits

Author SHA1 Message Date
Marty McGuire 9f7bc5530b support JSON response from auth, token endpoints
For example, the micropub.rocks auth endpoint only returns JSON-encoded responses.

This implementation wraps all top-level values in the JSON object in an array to match the behavior of `parse_qs` but does not check to see if the value is already an array.
2017-03-09 23:33:43 -05:00
Marty McGuire 0471a3aeb8 Add `grant_type` to authorization token requests
micropub.rocks fails on the token fetching step if `grant_type=authorization_code` is missing from the token request.
2017-03-09 22:32:19 -05:00
Marty McGuire 480090ebe4 Include `response_type` in initial auth parameters
micropub.rocks client tests die on initial authorization if `response_type=code` is not included in the original parameters
2017-03-09 22:18:20 -05:00
Kyle Mahan 46ee7f9582 change || to or
Python does not support the former cc: @myfreeweb
2016-03-18 11:34:04 -07:00
Greg f514b24ea4 Accept all 2xx status codes as success 2016-03-18 21:13:05 +04:00
Kyle Mahan 6c2f5f3f6a Support discovering endpoints from HTTP Link headers
in addition to searching the body of the page.
2016-03-18 09:30:49 -07:00
Kyle Mahan 9fdd45a0de Do not burn auth codes by authenticating before requesting an access
token

This broke authorization for endpoints that only allow a code to be
used once (e.g. Known).

A side effect is that authorization no longer falls back to authentication
if the token endpoint does not exist or returns an error.
2016-01-27 07:24:55 -08:00
Kyle Mahan cc9c7dfd21 bugfix: call handle_authenticate_response from authentication_handler
Previously was calling handle_authorize_response which was incorrect.
2016-01-26 23:55:28 -08:00
Kyle Mahan d9a5ff9099 Use napoleon sphinx extension to parse Google-style docstrings 2015-12-16 18:28:29 +00:00
Kyle Mahan 8e73330bd0 trying to fix docstring formatting errors 2015-12-16 18:12:31 +00:00
Kyle Mahan 3282bd76ba Replace next_url parameter with the more general and useful state 2015-12-13 19:50:54 -08:00
Kyle Mahan 83ac2700c0 use indieauth.com as fallback if no authentication_endpoint is provided 2015-06-21 22:35:45 -07:00
Kyle Mahan b714d8db93 do not cache endpoints
Caching these would have allowed a malicious or buggy
auth/token_endpoint combination to give you credentials for another
user's domain name.
2015-05-31 09:16:40 -07:00
Kyle Mahan 4d1f70b1e6 bugfix: use endpoint-for-function for more robust endpoint matching 2015-02-07 12:23:06 -08:00
Kyle Mahan 474458c623 added authentication-only flow
- Added a separate 'authenticate' flow to provide explicit support for
  calling out to indieauth without requesting any sort of access
  token.
- Redirect_url is now determined automatically based on the
  authenticated_handler or authorized_handler annotations
2015-02-07 09:40:31 -08:00
Kyle Mahan c8494277a8 add CSRF token to state parameter 2015-02-03 22:45:08 -08:00
Kyle Mahan 408bc20956 use correct token endpoint parameters
client_id and state were incorrect
2015-02-02 22:51:03 -08:00
Kyle Mahan 74de2173c5 debug log statements for validating access token 2015-02-02 18:05:36 -08:00
Kyle Mahan 32fb204a9c bugfix: list is not an iterator msg when processing errors 2015-02-02 08:42:38 -08:00
Kyle Mahan 1da9d95fc6 rename Micropub to MicropubClient to differentiate 2015-01-28 08:38:15 -08:00
Kyle Mahan 6db7529f4a added micropub_endpoint to authorized_handler response 2015-01-19 09:44:56 -08:00
Kyle Mahan d039e29f30 improve API, add documentation 2015-01-19 09:01:56 -08:00
Kyle Mahan b958da9bd1 initial revision; support basic micropub auth 2015-01-18 23:10:37 -08:00