• Joined on 2024年10月31日
Okan0 created pull request allauth/django-allauth#4758 2026年07月02日 11:23:00 +02:00
fix(idp): Fix ID_TOKEN_EXPIRES_IN setting always returning the default
Okan0 pushed to feature/fix-id-token-expiration-setting at Okan0/django-allauth 2026年07月02日 11:17:41 +02:00
d9ac9a200d fix(idp): Fix ID_TOKEN_EXPIRES_IN setting always returning the default
Okan0 pushed to feature/fix-id-token-expiration-setting at Okan0/django-allauth 2026年07月02日 11:13:49 +02:00
c9b4ee048d fix(idp): Fix ID_TOKEN_EXPIRES_IN setting always returning the default
Okan0 created branch feature/fix-id-token-expiration-setting in Okan0/django-allauth 2026年07月02日 11:13:49 +02:00
Okan0 pushed to main at Okan0/django-allauth 2026年07月01日 16:08:37 +02:00
76d8420295 fix(idp): split introspect ratelimit
dc76fdcdc5 feat(idp): INTROSPECTION_CROSS_CLIENT_ALLOWED
ba4e38d8da feat(idp): token introspection
Compare 3 commits »
Okan0 commented on pull request allauth/django-allauth#4755 2026年06月29日 11:43:14 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint
Okan0 commented on pull request allauth/django-allauth#4755 2026年06月19日 00:22:18 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint

Done, but keep in mind that now revoking / rotating a signing key won't have any effect on the introspect endpoint, therefore treating JWTs signed with an rotated out signing key are still...

Okan0 pushed to feature/add-introspect-endpoint at Okan0/django-allauth 2026年06月18日 22:23:16 +02:00
11b6aed70a feat(idp): Simplify determine_token
Okan0 pushed to feature/add-introspect-endpoint at Okan0/django-allauth 2026年06月18日 22:09:32 +02:00
3cf6f853cd feat(idp): changes after review
Okan0 commented on pull request allauth/django-allauth#4755 2026年06月18日 21:52:51 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint

Theoretically yes, but per security consideration, the following is stated:

Okan0 commented on pull request allauth/django-allauth#4755 2026年06月17日 08:49:09 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint
Okan0 pushed to feature/add-introspect-endpoint at Okan0/django-allauth 2026年06月17日 08:45:56 +02:00
524547b061 feat(idp): Add clientId to introspect ratelimit
Okan0 commented on pull request allauth/django-allauth#4755 2026年06月17日 08:36:42 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint

Updated the docs to properly reflect that

Okan0 pushed to feature/add-introspect-endpoint at Okan0/django-allauth 2026年06月17日 08:35:23 +02:00
d8394061d5 chore(docs): Update description of "DEFAULT_AUTH_METHODS" to match usage
Okan0 pushed to feature/add-introspect-endpoint at Okan0/django-allauth 2026年06月17日 08:31:37 +02:00
de293f34a7 feat(idp): small improvements
Okan0 pushed to feature/add-introspect-endpoint at Okan0/django-allauth 2026年06月17日 08:15:25 +02:00
edc8d3a704 fix(idp): Remove introspect scope leftovers and fix tests
Okan0 pushed to feature/add-introspect-endpoint at Okan0/django-allauth 2026年06月17日 08:07:50 +02:00
6836a10374 feat(idp): Remove "required_scopes" from CalidationContext
7531ee3dbf feat(idp): Drop bearer auth support for introspect
Compare 2 commits »
Okan0 commented on pull request allauth/django-allauth#4755 2026年06月17日 07:15:08 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint

Ok, I'll remove it then, and additionally I'll check and "separate" the token.user check from that call as this only indicates if the token is active, not if the caller has access to it. Imo in...

Okan0 commented on pull request allauth/django-allauth#4755 2026年06月16日 21:19:28 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint

Just a quick search:

Okan0 commented on pull request allauth/django-allauth#4755 2026年06月16日 21:04:08 +02:00
feat(idp): Add RFC-7662 support - introspect Endpoint

Well sure it's some kind of asymmetric, maybe it would be possible to add the introspect scope check only to the bearer functionality. Otherwise it would be possible for anyone getting an...