globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

feat: OIDC password grant supports other client authentication methods

Browse source
This commit is contained in:
Éloi Rivard 2023-11-18 19:20:14 +01:00
parent fa24c2e810
commit 771d3952a3
No known key found for this signature in database
GPG key ID: 7EDA204EA57DD184
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGES.rst
View file

@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_, The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_,
and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_. and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_.
Added
*****
- Refresh token grant supports other client authentication methods. :pr:`156`
Changed Changed
******* *******

2
canaille/oidc/oauth.py
View file

@ -221,6 +221,8 @@ class PasswordGrant(_ResourceOwnerPasswordCredentialsGrant):
class RefreshTokenGrant(_RefreshTokenGrant): class RefreshTokenGrant(_RefreshTokenGrant):
TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic", "client_secret_post", "none"]
def authenticate_refresh_token(self, refresh_token): def authenticate_refresh_token(self, refresh_token):
token = models.Token.query(refresh_token=refresh_token) token = models.Token.query(refresh_token=refresh_token)
if token and token[0].is_refresh_token_active(): if token and token[0].is_refresh_token_active():