openid2rp / openid2rp / testapp.py

Author: Commit Message
Martin von Löwis: Parse port number out of URL.
Martin von Löwis: Redo verification procedure, in openid2rp.verify.
Martin von Löwis: Drop usage of cookies.
Martin von Löwis: Fix exception for defaultdict.
Martin von Löwis: Streamline session handling.
ja...@nottheoilrig.com: Update demo app to reuse associations.
ja...@nottheoilrig.com: Prevent a malicious user who controls an OP-local identifier from impersonating claimed identifiers that the OP is authorized to make assertions about, but that the user doesn't control.
ja...@nottheoilrig.com:
ja...@nottheoilrig.com: Add 1.1 compatibility: RP MUST keep track of what claimed identifier was used to discover the OP-local identifier, for example by keeping it in session state.
ja...@nottheoilrig.com: Cache discovered OP endpoint URL to avoid repeating discovery when verifying assertions. When verifying assertions, OP endpoint URL is used to get an association if one is stored, and to perform direct verification otherwise.
ja...@nottheoilrig.com: Extend demo app to demonstrate direct verification. Use discovered OP endpoint URL to perform direct verification.
ja...@nottheoilrig.com: Key associations on OP endpoint URL *and* assoc_handle, to prevent a malicious user from causing us to establish an association with an OP that it controls, then forging assertions from an OP that it doesn't control.
Martin von Löwis: Use IPv6/v4 wildcard if requested.
Martin von Löwis: Properly process cancel responses.
Martin von Löwis: Implement XRI resolution.
Peter Tröger: Changed module to a package