Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oauth2: connection of auth code with access token #67

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

oauth2: connection of auth code with access token #67

wants to merge 1 commit into from

Conversation

hachreak
Copy link

Signed-off-by: Leonardo Rossi leonardo.rossi@studenti.unipr.it

@dvaergiller
Copy link

Thank you for contributing.

I have a couple of questions before merging this, and it seems to me that these are two rather independent commits. Would you mind creating two separate pull requests for this?

@hachreak
Copy link
Author

hi @dvaergiller, thanks for taking in account my PR! 😄
I'll make two separate PR just now. :)

@hachreak
oauth2: connection of auth code with access token
016ef38 
* On access token creation, the relation with the auth code is saved.
  (addresses kivra#66)

Signed-off-by: Leonardo Rossi <leonardo.rossi@studenti.unipr.it>
@dvaergiller
Copy link

Thank you. I will close this one for the sake of the new PRs.

@deadtrickster
Copy link

@dvaergiller looks like he already moved one commit to the other PR. and only one commit left here

@dvaergiller
Copy link

My bad. Reopening.

@dvaergiller dvaergiller reopened this Oct 18, 2016
@dvaergiller
Copy link

On this one I would like some more information. Is there any particular use case that is not fulfilled without saving the auth code in the context?

Without looking into it that much, I am not 100% sure that there are no security implications to consider here.

@hachreak
Copy link
Author

As mentioned in the commit message, I'm trying to handle the case of access token revocation by the user.
Apparently OAuth2 RFC doesn't cover this use case (or, at least I didn't find anything XD).
I found the 7009 RFC, but doesn't help me because it cover the case where the client ask to revoke its token, but doesn't say anything about the user.
What do you think?

@hachreak
Copy link
Author

Hi @dvaergiller , any news about my PR? :)

@dvaergiller
Copy link

Hi. Sorry for delays. A few busy weeks.

I'll pick this up again through this week.

@hachreak
Copy link
Author

Thanks 😄 💃

@hachreak
Copy link
Author

Hi @dvaergiller,
there are any news? Did you find the time to check the PR? :)
thanks

@hachreak
Copy link
Author

ping @dvaergiller

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hachreak @dvaergiller @deadtrickster