Author Commit Message Labels Comments Date
Martin von Löwis avatarMartin von Löwis
Do not drop blank values.
Martin von Löwis avatarMartin von Löwis
Added tag 1.12 for changeset bc00f6f8f998
Martin von Löwis avatarMartin von Löwis
Bump version numbers.
Tags
1.12
Martin von Löwis avatarMartin von Löwis
merged
HPI OSM Group avatarHPI OSM Group
Removing assoc handle fetching, since this is now handled by validate and might even lead to a KeyError here ,,,
Martin von Löwis avatarMartin von Löwis
Fix formatting.
Martin von Löwis avatarMartin von Löwis
Added tag 1.11 for changeset a1b5cc3a7593
Martin von Löwis avatarMartin von Löwis
Release 1.11.
Tags
1.11
Martin von Löwis avatarMartin von Löwis
Mark verify_signature_directly as internal function.
Martin von Löwis avatarMartin von Löwis
Document the verify function.
Martin von Löwis avatarMartin von Löwis
Extend nonce lifetime to 5 minutes.
HPI OSM Group avatarHPI OSM Group
Switch to usage of verify(), adding discovery cache
Martin von Löwis avatarMartin von Löwis
Work around missing getcode in 2.5.
Martin von Löwis avatarMartin von Löwis
Parse port number out of URL.
Martin von Löwis avatarMartin von Löwis
Drop bytes literal.
Martin von Löwis avatarMartin von Löwis
Work around 2.6 limitation.
Martin von Löwis avatarMartin von Löwis
Add error numbers.
Martin von Löwis avatarMartin von Löwis
Check nonce presence for OpenID 2.
Martin von Löwis avatarMartin von Löwis
Redo verification procedure, in openid2rp.verify.
Martin von Löwis avatarMartin von Löwis
Drop usage of cookies.
Martin von Löwis avatarMartin von Löwis
Put openid1 parameter in return_to URL for OpenID 1.1 providers.
Martin von Löwis avatarMartin von Löwis
Fix exception for defaultdict.
Martin von Löwis avatarMartin von Löwis
Streamline session handling.
Default avatar ja...@nottheoilrig.com
Update demo app to reuse associations.
Default avatar ja...@nottheoilrig.com
Prevent a malicious user who controls an OP-local identifier from impersonating claimed identifiers that the OP is authorized to make assertions about, but that the user doesn't control.
Default avatar ja...@nottheoilrig.com
Default avatar ja...@nottheoilrig.com
Add 1.1 compatibility: RP MUST keep track of what claimed identifier was used to discover the OP-local identifier, for example by keeping it in session state.
Default avatar ja...@nottheoilrig.com
Cache discovered OP endpoint URL to avoid repeating discovery when verifying assertions. When verifying assertions, OP endpoint URL is used to get an association if one is stored, and to perform direct verification otherwise.
Default avatar ja...@nottheoilrig.com
Extend demo app to demonstrate direct verification. Use discovered OP endpoint URL to perform direct verification.
Default avatar ja...@nottheoilrig.com
Key associations on OP endpoint URL *and* assoc_handle, to prevent a malicious user from causing us to establish an association with an OP that it controls, then forging assertions from an OP that it doesn't control.
  1. Prev
  2. Next
Help
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.