efd5f481e9
This implements a few oauth2 fixes: - passes along the state object - enforces authorization code expiration (currently set to 1 minute, we could make this configurable) - enforces redirect_uri - properly checks for client_secret when granting a token - handles pulling client authentication for token grant from basic auth - implement token revocation |
||
---|---|---|
.. | ||
__init__.py | ||
application.py | ||
authorization.py | ||
token.py |