#8461 replace python-oauth2 with oauthlib NEEDS CMD, INDEX

v1.15.0
closed
None
General
nobody
2023-09-14
2022-09-07
No

python-oauth2 hasn't been maintained in a long time. Oauthlib is better, and will make it easier to support OAuth2 spec in the future

Discussion

  • Dave Brondsema

    Dave Brondsema - 2022-09-14
    • summary: replace python-oauth2 with oauthlib --> replace python-oauth2 with oauthlib NEEDS CMD, INDEX
    • status: in-progress --> review
     
  • Dave Brondsema

    Dave Brondsema - 2022-09-14

    db/8461

    need to run allurapaste script /var/local/config/production.ini allura/scripts/create_oauth1_dummy_tokens.py for it to handle invalid input params without erroring. And ensure_index cmd would be good too.

    some changes:

    • validation pins are 30 chars now, instead of 6 chars for out-of-band (non-web, like scripts) and 20 chars for web redirects
    • request tokens are deleted after use, can’t be re-used

    not changed:

    • oauth_callback=oob is assumed as default if not given. The oauth1 spec requires it to be given, but we haven't been requiring it so we'll keep defaulting so that no scripts break
     
  • Kenton Taylor - 2022-09-22
    • status: review --> closed
     
  • Guillermo Cruz - 2023-09-14
    • Milestone: unreleased --> v1.15.0
     

Log in to post a comment.