Rjevski opened issue allauth/django-allauth#4739 2026年05月17日 04:01:11 +02:00
Rate-limiting should key by the /64 subnet for IPv6 addresses
Rjevski commented on issue allauth/django-allauth#4546 2026年03月20日 03:51:39 +01:00
SMS-based MFA?

I have implemented it in a different way, instead of using the "phone support" in the adapter/etc, I instead:

Rjevski commented on pull request allauth/django-allauth#4210 2024年12月29日 21:23:39 +01:00
[RFC] Implement support for RP-initiated logout.

Support headless (browser) operation.

This is a tricky one, because frontend Javascript can not always achieve the IdP logout even if it was aware of the IdP logout URL, both because of the...

Rjevski pushed to 404-on-unknown-oidc-provider-id at Rjevski/django-allauth 2024年12月29日 21:12:23 +01:00
64fc478f97 fix(openid_connect tests): fix assertion method name.
Rjevski commented on pull request allauth/django-allauth#4210 2024年12月29日 21:10:25 +01:00
[RFC] Implement support for RP-initiated logout.

Sorry, I'm not following - do you mean store the logout data (id_token, etc) as part of the request.session['AUTHENTICATION_METHODS_SESSION_KEY'] structure?

Rjevski commented on pull request allauth/django-allauth#4210 2024年12月29日 21:09:10 +01:00
[RFC] Implement support for RP-initiated logout.

The reason we do the stashing in the adapter and not the provider is that doing so at the adapter level lets us determine whether it's a login vs a connection (I believe the adapter's login method...

Rjevski commented on pull request allauth/django-allauth#4210 2024年12月29日 20:57:55 +01:00
[RFC] Implement support for RP-initiated logout.

As the spec says it seems to be up to the application. I guess we could make this a configurable parameter as to whether to log out from the IdP first or whether to logout locally first?

The...

Rjevski created pull request allauth/django-allauth#4220 2024年12月29日 20:50:05 +01:00
OIDC: gracefully handle requests with invalid provider IDs.
Rjevski pushed to 404-on-unknown-oidc-provider-id at Rjevski/django-allauth 2024年12月29日 20:47:27 +01:00
11df033344 fix(openid_connect): do not raise an unhandled exception when an invalid provider_id is provided in the URL.
Rjevski created branch 404-on-unknown-oidc-provider-id in Rjevski/django-allauth 2024年12月29日 20:47:26 +01:00
Rjevski pushed to rp-initiated-logout at Rjevski/django-allauth 2024年12月20日 00:00:51 +01:00
43d11d04a3 fix(account adapter): fix circular import.
Rjevski pushed to rp-initiated-logout at Rjevski/django-allauth 2024年12月19日 23:51:55 +01:00
af37af92ff style: blacken.
18a0cd0339 feat(accounts, oidc): delegate handling of session[_allauth_logout_data] to Allauth.
41e7e70fef style: blacken.
Compare 3 commits »
Rjevski commented on pull request allauth/django-allauth#4210 2024年12月19日 23:45:23 +01:00
[RFC] Implement support for RP-initiated logout.

Could this explode if the socialaccount app isn't installed? On the other hand, we should never end up here if it isn't installed, as the authentication records would never include any social app so I think it's fine.

Rjevski created pull request allauth/django-allauth#4210 2024年12月19日 23:37:14 +01:00
[RFC] Implement support for RP-initiated logout.
Rjevski pushed to rp-initiated-logout at Rjevski/django-allauth 2024年12月19日 23:30:26 +01:00
650c5a026b feat(accounts, oidc): Implement support for RP-initiated logout.
Rjevski pushed to rp-initiated-logout at Rjevski/django-allauth 2024年12月19日 23:29:20 +01:00
5e51f03139 Implement support for RP-initiated logout.
Rjevski created branch rp-initiated-logout in Rjevski/django-allauth 2024年12月19日 23:29:19 +01:00
Rjevski created repository Rjevski/django-allauth 2024年12月19日 23:08:51 +01:00
Rjevski commented on pull request allauth/django-allauth#4151 2024年10月20日 19:03:06 +02:00
Implement support for Facebook Limited Login.

Yes, sorry, copy-paste fail (this is copied from a subclass where calling super would actually call the original Allauth method). Will fix.

Rjevski commented on pull request allauth/django-allauth#4151 2024年10月20日 19:02:28 +02:00
Implement support for Facebook Limited Login.

Oh wow you are right, I completely missed that. Indeed, I will remove it!