Skip to content

Allow Authorization Code flow without a client_secret - Initial commit with Patch & testcases#1276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
n2ygk merged 2 commits into from
May 31, 2023
Merged

Allow Authorization Code flow without a client_secret - Initial commit with Patch & testcases #1276

n2ygk merged 2 commits into from
May 31, 2023

Conversation

@bull500
Copy link
Contributor

@bull500bull500 commented May 31, 2023

Hello @n2ygk
Here's the PR

Fixes#1092

Description of the Change

Patch to address -> Allow Authorization Code flow without a client_secret #1092
Edited oauth2_provider/oauth2_validators.py and added testcases to tests/test_oauth2_validators.py
Ran tox. Seems alright

Checklist

  • PR only contains one change (considered splitting up PR)
  • unit-test added
  • documentation updated
  • CHANGELOG.md updated (only for user relevant changes)
  • author name in AUTHORS

@codecov
Copy link

codecovbot commented May 31, 2023
edited
Loading

Codecov Report

Merging #1276 (3ee6e66) into master (016c6c3) will decrease coverage by 0.06%.
The diff coverage is 100.00%.

@@ Coverage Diff @@## master #1276 +/- ## ========================================== - Coverage 97.29% 97.24% -0.06%  ========================================== Files 31 31 Lines 1996 1996 ========================================== - Hits 1942 1941 -1 - Misses 54 55 +1
Impacted FilesCoverage Δ
oauth2_provider/oauth2_validators.py93.98% <100.00%> (ø)

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

n2ygk
n2ygk approved these changes May 31, 2023
View reviewed changes
Copy link
Contributor

@n2ygkn2ygk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a nice, clean addition that will help those who follow the latest OAuth 2.0 BCP which deprecates the implicit grant for browser-based apps, instead using authorization code with PKCE and an empty client_secret.

Thanks for this improvement!

n2ygk
n2ygk approved these changes May 31, 2023
View reviewed changes
Copy link
Contributor

@n2ygkn2ygk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a nice, clean addition that will help those who follow the latest OAuth 2.0 BCP which deprecates the implicit grant for browser-based apps, instead using authorization code with PKCE and an empty client_secret.

Thanks for this improvement!

@n2ygkn2ygk merged commit 64faa9e into django-oauth:masterMay 31, 2023
@bull500
Copy link
ContributorAuthor

bull500 commented May 31, 2023

Thank you @n2ygk for the merge and support! 😄

@glaucojunior22glaucojunior22 mentioned this pull request Jun 14, 2023
Merged
3 tasks
@kbernst30kbernst30 mentioned this pull request Jan 14, 2024
Closed
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@n2ygkn2ygkn2ygk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow Authorization Code flow without a client_secret

2 participants

@bull500@n2ygk