Ryan Kelly
d7ea1fc239
fix(scopes): Document scope-handling rules, use shared code to enforce them.
2018-08-14 21:45:45 -07:00
John Morrison
adfff658c4
fix(purge): add purgeExpiredTokensById to select, then delete by primary key (#580); r=rfk
2018-07-18 18:28:12 -07:00
Alex Davis
8ad17c1d2a
fix(doc): Putting a little emphasis on email first (#584) r=@shane-tomlinson
I was going to link to this page and I realized we didn't put any emphasis on email first flow so I thought I would add that. I believe we all want to make it clear that it is the new preferred method for authenticating users.
2018-07-18 11:11:21 +01:00
Vlad Filippov
e24a5820ab
fix(clients): match the notes client with fxa-dev and other envs (#585); r=rfk
2018-07-17 19:23:30 -07:00
Shane Tomlinson
38e1d73930
fix(config): For dev, the openid issuer is http://127.0.0.1:3030 (#583) r=@vladikoff
This enables the content server functional tests to run locally
when using fxa-local-dev
fixes mozilla/fxa-content-server#6362
2018-07-17 12:08:33 -04:00
John Morrison
49a45d6555
Dockerpush fix docker use base builder run npm ls production (#579)
2018-07-16 11:06:03 -04:00
Shane Tomlinson
7cfc35a591
Release v1.116.0 (#582)
2018-07-11 09:45:29 -04:00
Ryan Kelly
b905b7cf63
feat(codes): Delete authorization codes when revoking client access. (#578); r=philbooth
2018-07-09 23:14:15 -07:00
Ryan Kelly
57344df08f
Merge pull request #574 from mozilla/train-115
Merge private train-115 point-release to master
2018-07-04 16:01:52 -07:00
Ryan Kelly
86030ea230
Release v1.115.2
2018-07-05 08:47:30 +10:00
Ryan Kelly
2c2cd2262d
fix(mysql): Correctly aggregate tokens by clientid. (#576) r=@vladikoff
2018-07-04 18:46:49 -04:00
Ryan Kelly
5d198fc378
Release v1.115.1
2018-06-27 16:00:28 +10:00
Ryan Kelly
15c3065037
fix(tokens): Avoid quadratic behaviour when listing active clients. (#9); r=vladikoff
2018-06-26 22:59:10 -07:00
Vlad Filippov
6a5b7446c9
Release v1.115.0
2018-06-25 14:20:54 -04:00
Shane Tomlinson
b716bb0c2d
Release v1.114.0 (#568) r=@rfk
2018-06-13 11:38:02 -07:00
John Morrison
d4060be69f
fix(docker): base image node:8-alpine and upgrade to npm6 (#567) r=@jbuck,@vladikoff
2018-06-12 21:53:36 -07:00
Vlad Filippov
5f7fa7ca65
Release v1.113.1
2018-06-09 08:34:13 -07:00
Ryan Kelly
f9ad63ed6f
feat(authorization): Require tokenVerified=true for key-bearing scopes. (#561) r=@vladikoff
The sync tokenserver does a special check for "fxa-tokenVerified" in order to enforce the use of session verification when accessing sync:
https://github.com/mozilla-services/tokenserver/blob/master/tokenserver/views.py#L140
Let's apply the same check here before granting any scopes that come with keys. In theory the user should always have a verified assertion when requesting one of these scopes, because they will have just done a keyfetch that would have required it. But there is at least one known series of calls to our backend that can yield keys without doing a verification, so it makes sense to double-check here and avoid any loopholes.
2018-06-09 08:33:41 -07:00
Ryan Kelly
d70fe6d887
fix(pkce): Don't require PKCE in the direct grant flow. (#566) r=@vladikoff
Fixes #559.
2018-06-09 08:29:56 -07:00
Shane Tomlinson
c87092e507
Release v1.113.0
2018-05-30 20:04:17 +01:00
vladikoff
1e20a50bc5
Release v1.112.1
2018-05-17 10:15:16 -04:00
Vlad Filippov
bc9256e88c
fix(changelog): update to latest changelog version (#556)
2018-05-17 10:14:51 -04:00
Vlad Filippov
97e4f628a5
feat(ci): move to CircleCI 2 (#554) r=@jbuck
2018-05-17 09:51:32 -04:00
Shane Tomlinson
c84a58ccf9
Release v1.112.0
2018-05-16 13:50:16 +01:00
Shane Tomlinson
8cbddfb924
Release v1.111.0
2018-05-02 10:35:56 +01:00
Vlad Filippov
f2e7bb47b1
feat(sync): add oldsync scope (#550) r=@rfk
2018-04-30 21:38:56 -04:00
Vlad Filippov
61ed2e7309
feat(sync): add local test client for sync (#549)
2018-04-30 17:23:16 -04:00
Ryan Kelly
b93e6a1657
fix(validation): Allow redirect uris with existing query params. (#548); r=philbooth
2018-04-27 14:33:11 +10:00
Deepti
d743721113
fix(changelog): Fixes #524 automated changelog is borked (#542) r=@vladikoff
Fixes https://github.com/mozilla/fxa-oauth-server/issues/524
2018-04-23 22:44:57 -04:00
Vlad Filippov
e9b08ae026
feat(node): update to node 8 (#544) r=@jrgm
2018-04-23 20:40:35 -04:00
Vlad Filippov
9d5ec8e5ab
fix(oauth): another notes dev client (#546)
2018-04-20 10:33:40 -04:00
Deepti
068bd4baea
refactor(email): Fixes #352 Remove ability to fetch email address (#543) r=@shane-tomlinson
2018-04-19 14:40:33 +02:00
Shane Tomlinson
d3cda9d0de
Release v1.110.0
2018-04-18 13:41:18 +01:00
Ryan Kelly
7ad1e56f95
feat(authorization): Directly return `code` in authorization response. (#541); r=philbooth
Everyone who calls the `POST /authorization` API seems to parse the
code out of the query parameters of returned redirect URL, so we might
as well just return it directly.
2018-04-18 17:07:23 +10:00
Deepti
6a5d3ceb3c
fix(tests): mock outstanding error logs in test suite r=@vladikoff
Fixes #334 Mock outstanding error logs in test suite.
Also handles mozlog deprecation warning.
2018-04-11 12:12:04 -04:00
Shane Tomlinson
cb11145edf
feat(email-first): Add support for the email-first flow. (#540); r=philbooth,rfk
Use the `action=email` query parameter to trigger the
email-first flow. Redirects to `/` on the content
server, propagating the `action=email` query parameter.
fixes #539
2018-04-10 17:15:38 +10:00
vladikoff
c22f51c286
Release v1.109.0
2018-04-03 21:53:16 -04:00
Vlad Filippov
ff9e4228d9
feat(oauth): make server compatible with AppAuth (#534) r=@rfk
Ref: https://appauth.io/
2018-04-03 21:52:59 -04:00
Jon Buckley
f32a3d7cf8
fix(node): Use Node.js v6.14.0 (#537)
2018-03-29 15:14:41 +00:00
Vlad Filippov
e8bf2e5cdf
chore(config): add Notes trailing slash to redirect in dev.json (#536)
2018-03-29 01:31:19 -04:00
Ryan Kelly
02804a8111
fix(scripts): Fix varname typo in test runner script. (#535)
2018-03-26 23:28:55 -04:00
Ryan Kelly
d395e66df7
Merge branch 'master' of github.com:mozilla/fxa-oauth-server
2018-03-27 14:25:29 +11:00
Vlad Filippov
aa68fb9d77
fix(route): make email false by default (#533) r=@rfk
2018-03-20 22:39:21 -04:00
Ryan Kelly
4f913108d5
Release v1.108.0
2018-03-21 13:37:28 +11:00
Ryan Kelly
8181f7f677
feat(amr): Report `amr` and `acr` claims in the id_token. (#530); r=vbudhram
2018-03-20 12:56:18 +11:00
Deepti
fd85207265
fix(buffer): #527 Migrate deprecated buffer calls (#528) r=@vladikoff
Fixes #527
2018-03-14 11:39:36 -04:00
Ryan Kelly
c69fee16d1
Release v1.107.0
2018-03-08 10:26:51 +11:00
Ryan Kelly
78c88ad9a6
chore(deps): Update hapi to v16.6.3 (#526)
2018-03-08 10:23:50 +11:00
Vlad Filippov
378360537c
chore(npm): update to npm5 (#522) r=@vbudhram
2018-03-01 10:35:30 -05:00
Ryan Kelly
d813465aef
Release v1.106.0
2018-02-21 12:28:12 +11:00