Jonathan Huot
Hi @oauthlib/core-contributors, I would like to propose that all major downstream players have a role in the oauthlib group. Without them, the framework would not survive and we see...
I would like to start the discussion around the OAuth2.0 Dynamic Client Registration (https://github.com/oauthlib/oauthlib/issues/649) and see how it could be implemented in OAuthlib via endpoint and RequestValidator. That's an early...
**Describe the feature** Ideally the documentation should mention all the datastore models required by the OpenID Connect flows. The current documentation has this section for OAuth2.0 (https://oauthlib.readthedocs.io/en/latest/oauth2/server.html#create-your-datastore-models) but it is...
**Describe the feature** Adding Custom Validators to Grants is doable by using the `GrantType` interface (see https://github.com/oauthlib/oauthlib/blob/v2.1.0/oauthlib/oauth2/rfc6749/grant_types/base.py#L49-L56). However, we provide `pre_configured` classes which do not expose "easily" these grant types....
Currently, the oauthlib feature list is maintained here: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html We can improve it by showing all "OAuth"-related RFCs, and the status/roadmap for each (if not applicable, or "won't do", say it)....
Hi, I was looking at the [OAuth2 RFC about the client_credentials/Access Token Response](https://tools.ietf.org/html/rfc6749#section-4.4.3), and it says `A refresh token SHOULD NOT be included.` So its inclusion depends on the implementor's...
**Describe the feature** For OAuth2 Provider implementation, HTTP Basic Auth is optional for authenticating the client. However, the web frameworks (flask-oauthlib, django-oauth-toolkit, bottle-oauthlib) are doing the RFC job themselves because...
**Describe the feature** OAuthlib should try to manage the `token_type_hint` itself, instead of relying on the application. Every "RFC code" should be in oauthlib and not in the application, which...
**Describe the bug** If multiple workers/threads are processing the same code at the same time, we can have a race condition where multiple responses contain valid tokens. The current code...
The flows shown in the dot graph (see https://github.com/oauthlib/oauthlib/pull/642#issue-242956366) uncovered an issue in the order of the calls.

### Resource Owner Password Grant

`validate_grant_type` is called AFTER `validate_user`, which can...