revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 00:42:41 +01:00
Code Issues Releases Wiki Activity
No description
1535 commits 3 branches 7 tags 153 MiB
PHP 93.5%
JavaScript 4.1%
CSS 2.4%
Find a file
Bob Trahan af295e0b26 OAuth Server enhancements -- more complete access token response and groundwork 
for scope

Summary:
this patch makes the access token response "complete" relative to spec by
returning when it expires AND that the token_type is in fact 'Bearer'.

This patch also lays the groundwork for scope by fixing the underlying data
model and adding the first scope checks for "offline_access" relative to expires
and the "whoami" method.   Further, conduit is augmented to open up individual
methods for access via OAuth generally to enable "whoami" access.   There's also
a tidy little scope class to keep track of all the various scopes we plan to
have as well as strings for display (T849 - work undone)

Somewhat of a hack but Conduit methods by default have SCOPE_NOT_ACCESSIBLE.  We
then don't even bother with the OAuth stuff within conduit if we're not supposed
to be accessing the method via Conduit.   Felt relatively clean to me in terms
of additional code complexity, etc.

Next up ends up being T848 (scope in OAuth) and T849 (let user's authorize
clients for specific scopes which kinds of needs T850).  There's also a bunch of
work that needs to be done to return the appropriate, well-formatted error
codes.  All in due time...!

Test Plan:
verified that an access_token with no scope doesn't let me see
anything anymore.  :(  verified that access_tokens made awhile ago expire.  :(

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T888, T848

Differential Revision: https://secure.phabricator.com/D1657
2012-02-21 16:33:06 -08:00
bin Improve CLI script for account creation and document account/reg setup process 2011-05-12 18:44:53 -07:00
conf OAuth - Phabricator OAuth server and Phabricator client for new Phabricator OAuth Server 2012-02-19 14:00:13 -08:00
externals Add gRaphael charting library 2012-02-21 15:10:24 -08:00
resources OAuth Server enhancements -- more complete access token response and groundwork 2012-02-21 16:33:06 -08:00
scripts Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks 2012-02-14 14:51:51 -08:00
src OAuth Server enhancements -- more complete access token response and groundwork 2012-02-21 16:33:06 -08:00
support/aphlict Aphlict, simple notification server 2011-05-17 10:32:41 -07:00
webroot Add gRaphael charting library 2012-02-21 15:10:24 -08:00
.arcconfig Add a custom lint name hook to Phabricator 2011-08-31 13:49:30 -07:00
.divinerconfig Some documentation updates. 2011-09-14 08:02:31 -07:00
.gitignore Key Value Store for ManiphestTask 2011-07-25 19:11:55 -07:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
README Add a roadmap document and update the README. 2011-06-29 09:38:03 -07:00

README 

Phabricator is a open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.
http://www.apache.org/licenses/LICENSE-2.0